IT CAN’T HAPPEN HERE Most of us take threats to our homes, lives and loved ones seriously, so why do we treat the safety of our computer systems with any less caution? Many factors are
working to make our systems less secure — the increase in connectivity, the rising sophistication of
users and management’s unwillingness to take the problem to heart. Blasé attitudes can harm the
best intent to put a security plan in place. The author takes a look at the state of mind in the security
industry today. By Patricia Keefe. Page 12.


BEYOND THE BLUE Disaster recovery services aren’t just for IBM anymore. While the large
providers continue to concentrate on IBM equipment and sites, smaller companies are targeting
their offerings to the likes of Data General and Unisys. Certain firms, such as Digital and Wang, have 
even taken matters into their own hands and set up recovery services for their customers. Read 
about the non-IBM recovery services market and the organizations that are looking out for No. 2 
and 3 and 4... By Stan Kolodziej. Page 19. 
Portrait of a fortress


By Michael Tucker. Take a journey 
through a secure storage facility 
with the MIS manager of mythical 
XYZ Corp. and find out about the in- 
ner workings of a data and equip- 
ment storage stronghold. Page 17. 


Catching disasters 

By Kenneth Brill. This site uptime 
consultant says the conditions that 
lead to disasters can be identified 
and safely eliminated before cata- 
strophic downtime strikes. By 
learning to read the warning signs 
and taking precautionary steps, 
your company can be a safe haven 
for data. Page 23. 


The ins and outs of UPS 

By Stan Kolodziej. The market for 
uninterruptible power supply wares 
is moving out of its traditional bas- 
tion in industry and the military and 
into the DP arena. Products are be- 
ing revamped, making the technol- 
ogy increasingly attractive to MIS. 
Discover what’s new. Page 25. 


Your systems’ vital signs 

By Stan Kolodziej. MIS is turning to 
performance monitors to help pin- 
point critical weaknesses in existing 
machines. Monitoring can catch cul- 
prits chewing up resources through 
task activities or running a program 
in a loop; it keeps close watch on 
CPU and device use and so on. Best 
of all, these tools can help MIS 
squeeze better performance out of 
its systems. Page 31. 


COVER BY DAVE SHANNON 




Disaster recovery plans 


How better to show you 
that disaster recovery plan- 
ning pays than to let you 
read about the experiences 
of those who survived mis- 
fortune? Senior Writer Hel- 
en Pike interviews MIS 
professionals who speak 
candidly about what their 
companies went through 
and the importance of hav- 
ing a plan of action in place. 
Plus: A security expert ana- 
lyzes how much security is 
enough. Starts on page 27. 
From the Editor


Including your letters to us. Page 4. 


News & Analysis 


Mainframe security remains profit- 
able; NBS pushes for more security 
standards; U.S. rethinks stance on 
Toshiba; Unix goes secure; NYSE 
systems after the crash. Page 5. 


Manager’s Corner 
Jim Young on MIS job security. 
Page 10. 


Q&A 


Two MIT professors discuss their 
data security projects. Page 10. 


Blue Beat 
Brian Jeffery on postreorganization 
IBM. Page 35. 


Products 


Tech Talk on a garage-turned-storage-facility; Harris’ encryption/decryption
device; the “televaulting” concept; low-tech security options
for protecting PCs. Page 35.


Calendar 


Industry events. Page 39. 


The Insider 


Michael Millikin on relying on lazy, 
sloppy users for security. Page 40. 


Log Off 
U.S. figures verify the high cost of 
disasters. Page 40. 
Right tool, wrong use: 4GLs
shaped by management decree 


While I appreciated the remarks on fourth-generation languages (4GL) in the story, “The fate of
4GLs,” in the Feb. 3 issue of Computerworld Focus, I would like to add my own observations on
the 4GL identity crisis. I have worked in Information Builders, Inc.’s Focus as a contractor for a
few years now, and I have yet to see Focus used in
a truly 4GL project.

More than likely what happens is that some- 
one at the top in DP decides that the company will 
use a 4GL for its new projects. Management fur- 
ther down the chain acknowledges that edict, so 
everything from then on is written in 4GL, and 
dummies like me end up hammering away at Fo- 
cus to make it behave like and replace an existing 
10-year-old Cobol/IMS reporting system. 

Also, most projects that I have worked on presume
that we must use Focus data bases, which
just happens to be a major cause of our problems
and delays.

While Ford Motor Co. is an
outstanding counterexample
(it liked to use Focus with IBM
DB2 files), most users have
failed to grasp that Focus does
not need to use its own data
bases.
One last observation: There 
are still a lot of suckers out 
there who think that they can 
be independent of their pro- 
gramming department. Actually, Focus has been 
a secret weapon to make sure that programmers 
like myself stay employed. 
Walter Aardsma 
Duluth, Ga. 


Recent MIS graduate discovers 
a catch-22 in new job prospects 


I just finished reading your “Teach your pupils 
well” editorial in the Feb. 3 issue of Computer- 
world Focus. Being a “new” MIS graduate (hav- 
ing graduated in Dec. 1986), I can sympathize 
somewhat with your article. 

According to you, the percentage of students 
“seeking careers as computer programmers and 
analysts has decreased since 1983,” but it is also 
true that one of the main reasons for this situation 
is the lack of MIS employment opportunities. 

Employers want analysts and programmers
with three to four years of experience; therefore,
any new MIS graduate is turned down and given a
new career path that is easier to access and grow
in while waiting for an opportunity to come up.

There are a lot of MIS graduates out there 
that would like to have the chance to spread their 
wings and give data processing a shot. But is any- 
body out there willing to give us a chance? 

Idalia Lopez-Hernandez 
Systems Operator 


Will a business or technical 
slant better open MIS doors? 


Without attempting to invoke a sentimentalism 
akin to the “Dear Abby” letters in the newspa- 
per, I seek an additional perspective on my posi- 
tion in the MIS industry. 

Reading the “Teach your pupils well” editori- 
al in the Feb. 3 issue of Computerworld Focus 
caused a number of mixed feelings, many of which 
were pleasing. On the one hand, I questioned 
whether the MIS industry might slowly sink back 
into its data processing background because of 
the lack of students willing to prepare themselves 
to become future MIS management. On the other 

Continued on page 7 




SECURITY VIEWPOINT

FROM THE EDITOR

A healthy paranoia

First, some items of interest. Second, a question.


Item 1: Last year, a group of West German com- 
puter hobbyists successfully entered an international 
computer network belonging to the U.S. National Aero- 
nautics and Space Administration. They were “ethical” 

hackers and didn’t break anything. But still, they had the run of 
the place for at least three months. 


Item 2: Early this year, a California-based distributor shipped an 
IBM 9375 to an address in Florida after someone ordered it over 
the phone. The computer, worth $200,000, vanished. It is a 
good bet that it is now either on the black market or in Havana. 


Item 3: There is a story, widely reported, that sometime last 
December, somebody sent a holiday greeting into the internal 
communications network of a certain large computer maker 
based in New York state. (Three guesses which one.) The kicker 
is that the electronic mail contained a virus, a self-replicating 
program. Within a matter of days, it had spread through the en- 
tire network and brought a worldwide communications system 
to its knees. 


Now, the question: Is anybody paying attention? 


Each of these cases was relatively harmless. Yet each should 
give you nightmares as an MIS professional. If you sleep peace- 
fully, then you are either one of those rare MIS officers who has 
made a real effort to defend your data, or, more likely, you do not 
comprehend the peril you face. And it’s easy not to understand. 
MIS wants to develop open systems. Its business, after all, is 
making data available, not locking it up. 


Yet, increasingly, the value of information is becoming apparent 
to thieves and vandals, and MIS must protect it. But that effort 
will require that MIS officers jettison some of the openness — 
call it innocence — that has marked their profession in the past. 
Instead, they must cultivate something of the paranoia that
must be a part of the business strategist’s psyche. That idea is
grim, but the alternative is worse. If MIS officers cannot impose
security on computing, then someone else — someone from top
management — will do it for them.
We welcome letters to
the editor and publish 
those we judge to be of 
interest to our readers. 
Letters should be 
addressed to the Editor, 
Computerworld Focus, 
375 Cochituate Rd., 
Box 9171 
Framingham, Mass. 
01701-9171. 
UPDATE Big iron security


Leading packages in IBM and 
plug-compatible mainframe sites 


Security low on users’ lists 
Paradox time. On the vendor 
side, there’s always a flurry of 
computer products dealing 

with securing data, but when it 
comes to the users of these 
products, enthusiasm for securi- 
ty always seems to be on the 
back burner. 

“We recently sent our cli- 
ents a list of about two dozen po- 
tential research topics for 1988 
and asked them to rate the topics 
in order of importance,” ex- 
plains Jack Freeman, senior ana- 
lyst in data communications for 
The Yankee Group in Boston. 
“Security came in dead last.” 

Freeman says the same 
thing happened at a recent net- 
work seminar sponsored by his 
research group. “For two days 
they talked personnel, vertical 
integration, network costs — 
everything except security.” 

How could the vendors’ and 
users’ attitudes on security ap- 
parently be such worlds apart? 

“Vendors keep creating security
products that users never
use,” Freeman says. “Users
don’t care about security because
they can’t quantify it to
justify security’s expense to
management. If you put in a
network with 30 personal computers
and a server, that’s easy
to quantify. Not security.”

The result, Freeman says, is 
that many vendors pay token 
service when it comes to inte- 
grating security into products 
outside the banking and finan- 
cial communities, which, by law, 
are required to adhere more 
strictly to data security regula- 
tions. And users who are genu- 
inely serious about security will 
have to pay for it. 

“I just talked to some vendors
that were offering the option
of the [National Bureau of
Standards’] Data Encryption
Standard on their leased-line
modems and asked them why the
security cost so much,” Freeman
says. “The answer was,
‘Because nobody’s buying it.’ ”

If attitudes change, Free- 
man reasons, maybe the price of 
security will come down. 

IBM, Tandem make moves 
in fault-tolerant market 
Seismic activity continues in 
the fault-tolerant market. IBM 
has introduced two entry-level 


SECURITY 


news & analysis 


models of its System/88 fault- 
tolerant systems line. IBM is 
aiming the machines at custom- 
ers that need fault tolerance for 
lighter volumes of on-line trans- 
action processing. 

Surprise: Both systems are 
being supplied by fast-tracking 
Stratus Computer, Inc., the 
Marlboro, Mass., company that 
has lately been stringing to- 
gether a long list of big-profit 
quarters. 

In the meantime, Stratus’s 
archrival, Tandem Computers, 
Inc., has swept in and taken the 
fair hand of networking company 
Ungermann-Bass, Inc. from the 
clutches of erstwhile suitor Digi- 
tal Communications Asso- 
ciates, Inc. (DCA), which has 
been on an acquisitions spree 
lately. 

Actually, DCA’s hostile 
takeover attempt appeared to 
drive Ungermann-Bass into the 
arms of fault-tolerant stalwart 
Tandem. Under terms of the 
merger, Ungermann-Bass will 
become a wholly owned subsid- 
iary and independent division of 
Tandem. 

Analysts see the Tandem/Ungermann-Bass
merger
in a positive light. For Unger- 


munications networks to large 
corporate clients, the tie with 
Tandem will probably supply a 
needed infusion of operating 
cash as well as access to Tan- 
dem’s global marketing and sup- 
port services. For Tandem, 
Ungermann-Bass will provide 
broader isewide 
networking capabilities to its 
fault-tolerant systems, some- 
thing for which many banking, 
retail and finance customers 
are asking. 


Fail-Safe boasts first 
fault-tolerant PC system 


The fault-tolerant market got a 
little hotter in January when 
Fail-Safe Technology, Inc. in 
Los Angeles introduced its FS 
66, a system that the company 
claims is the first fault-tolerant 
personal computer. 

To drive its point home, 
Fail-Safe officials claim that the 
FS 66 is guaranteed for three 
years of mean time between fail- 
ures and needs no more than 

Continued on page 9 


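[Chart: leading mainframe security packages in IBM and plug-compatible mainframe sites. Vendors and products shown: Computer Associates (CA-Top Secret, CA-ACF/2); On-Line Software International, Inc.; VM Software, Inc. (VMSecure). Axis marking: 50%.]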

INFORMATION CULLED FROM 1987 COMPUTER INTELLIGENCE CORP. 
STATISTICS TAKEN FROM A BASE OF 11,500 U.S. IBM AND PLUG- 
COMPATIBLE MAINFRAME SITES. OF THE 11,500, 35% USED AT LEAST 
ONE BRAND OF COMMERCIAL MAINFRAME SECURITY SOFTWARE; 

4% DEVELOPED SECURITY SOFTWARE IN-HOUSE; AND 61% DID NOT 
USE ANY MAINFRAME SECURITY SOFTWARE AT ALL. 


GRAPHIC BY BRUCE SANDERS 


Mainframe security 
plods along profitably 


Suppliers of mainframe security 
software are part of a select and 
profitable bunch. Computer In- 
telligence Corp., a La Jolla, 
Calif., research firm, reports 
that IBM and Computer Asso- 
ciates International, Inc. control 
80% of the total U.S. market for 
mainframe security software. 
Trailing far behind in market 
share are On-Line Software In- 
ternational, Inc. with 8% and 
VM Software, Inc. with 4% (see 
chart above). 

No one has ever accused 
mainframe security software of 
being a glamorous market, how- 
ever. Such software basically re- 
sides on an IBM mainframe and 
is used to control system re- 
source access and manage direc- 
tories and disk space for IBM 
VM and MVS operating sys- 
tems. 

IBM’s RACF is a venerable,
aging product that has come under
some criticism for its relative
inflexibility and continuing emphasis
on strict, centralized control
in a time of transition, when
users are asking for more flexible
security at the personal computer
level.

“I think we're seeing changes
in the attitudes of users,” explains
Jim Graves, marketing
manager at VMI, a
Los Angeles-based
vendor of security
software for the VM
operating system.

[Sidebar: The NYSE’s systems are still feeling the heat months after the Crash. Page 8.]

“I think users want


to be able to control security, 
handle their own encryption and 
do it easily at their level, and I 
don’t think they can do that with 
the i software now 
available. They want to be able 
to hit a command and decide 
their encryption queue quickly 
after they’ve finished editing or 
creating a file,” he says.

But Mary Welch, marketing 
manager at Computer Asso- 
ciates, says mainframe security 

Continued on page 6 





NBS plans to push for more
security standards next year

The National Bureau of Standards (NBS)
expects to make a major push forward in
fiscal 1989 in its research of security issues
affecting networks, programming
languages and system interfaces as well
as data encryption.

“The security aspect of all these technologies
needs to be addressed,” stressed
Sheila Radack, spokeswoman for the
NBS’s Institute for Computer Sciences
and Technology. “There has been much
attention paid to building in security in the
[International Standards Organization’s
Open Systems Interconnect] architecture.
There is substantive work to be
done.”

Radack made her comments in mid- 
February, shortly after the U.S. Depart- 
ment of Commerce submitted its $2.4 bil- 
lion budget proposal for fiscal 1989, 


which begins Oct. 1. The NBS, a division 
of the Commerce Department, has a pro- 
posed $158 million allocation. Of that 
amount, $8.58 million is tagged for the In- 
stitute for Computer Sciences. 

An extra $3 million is proposed for the 
implementation of the Computer Security 
Act of 1987 that legally establishes re- 
sponsibility for the Data Encryption Stan- 
dard (DES) with the NBS. Previously, the 
National Security Agency (NSA) had ex- 
pressed an interest in maintaining the 
DES, which has evolved into a de facto 
standard for nonclassified data. The legis- 
lation requires that the NBS establish se- 
curity standards and training programs 
for federal agencies using nonclassified in- 
formation systems. 


The NBS and the Secretary of Commerce
review the DES every five years to
determine its adequacy to protect com- 
puterized data. Although the DES is used 
widely by both the public and private sec- 
tors, such as the American National Stan- 
dards Institute and the American Bankers 
Association, Radack says interest is pick- 
ing up in general business and electronic 
data interchange applications. 

As a result of the Computer Security 
Act, the NSA retains authority over secu- 
rity for classified systems as well as for 
telecommunications when cryptography 
is involved. Under National Security Decision
Directive 145, passed in 1984, the
NSA had received the responsibility to
design security programs for some data,
including financial data, not related to national
defense. However, private sector
businesses said they found the NSA pro- 
grams too expensive and complicated for 
their use, in particular jeopardizing mil- 
lions of investment dollars in security 
technology based on the DES. 

The Computer Security Act of 1987 
requires the NBS, however, to use the 
technical security guidelines from the 
NSA “to the maximum extent feasible.” 
It also requires establishing a 12-member 
advisory board to provide advice to the 
private sector. 

“The NBS will work more with the private
sector in the coming years,” Radack
says, citing cost-effectiveness as a leading
government goal where security is concerned.
“The problems in the public and
private sectors are the same. Nobody
wants the government to be expensive.
We want to bring the cost down for everyone.”
— HP
software has kept up with the times.

“These security products are designed 
for major IBM operating systems, and 
that means centralized control,” she says. 
“I think they’ve evolved very well during
the past 12 years. They all stem from 
IBM’s original design for RACF, which 
was to protect a few data sets, but now 
these systems can protect any resource 
— data sets, IBM CICS resources, trans- 
action terminals, CPUs and a whole range 
of things. 

“One advance,” Welch continues, “is
security backup through a process called 
‘by default,’ which means that even if the 
security system doesn’t know about cer- 
tain data to be protected, the information 
is still locked off, users can still access it 
and you don’t have something sitting out 
there that isn’t protected.” 

However, Jeffrey Beeler, industry ana- 
lyst at Dataquest, Inc., a San Jose, Calif., 
research firm, says he thinks that main- 
frame security software firms have been 
given an easy ride. “Users are demanding
more customized security software, and 
that’s why PC security software has made 
some strong advances. But there still isn’t 
enough pressure on vendors to make the 
kinds of changes necessary at the main- 
frame level,” Beeler maintains. 

“The problem is not just with the 
mainframe security industry,” he adds,
“but with computer security as a whole. 
Users are simply not interested enough in 
security. When that changes, you'll see 
dramatic changes in the software. Until 
then, it’s business as usual.” — SK
Toshiba Corp., the Tokyo-based multinational
giant, may yet escape the fury of
the U.S. Congress. Late last year, To- 
shiba found itself in the middle of a major 
security-related scandal when one of its 
branches, Toshiba Machine Co., was part 
of a scheme to sell restricted technology 
to the Soviet Union. 

In a deal straight out of a John le Carré
espionage novel, Toshiba Machine and a
Norwegian firm, A/S Kongsberg Vapenfabrikk
in Kongsberg, Norway, allegedly
sold the Soviets computer-controlled machine
tools to make improved submarine
and ship propellers. Military analysts
have said that subs equipped with the new 
propellers will be much quieter and much 
more difficult to detect with sonar than 
subs with older props. 

In response, Congress debated impos- 
ing a total ban on Toshiba imports to the 
U.S. for up to five years. In fact, there is 
still legislation pending that may mete out 
exactly that kind of harsh punishment. 

However, Toshiba may yet be spared. 
As federal authorities investigated the 
case, it became increasingly apparent that 
it may not be just to hold Toshiba totally 
responsible for the actions of Toshiba Ma- 
chine. According to one international 
trade analyst, who declined to be named, 
“Most Japanese corporations are rather 
feudal in nature. Individual divisions or 
subsidiaries may function very much as if
they were independent business entities. 
Toshiba may be, say, the Holy Roman 
Emperor, but Toshiba Machine is a very 
independent North German prince.” 

Evidence has surfaced, for instance, 
that Toshiba Machine actively misled its 
parent and the Japanese government. 

As a result, there is now a movement 
afoot in the U.S. House of Representa- 
tives to impose sanctions on Toshiba Ma- 
chine but to exempt the parent company 
from the ban. A spokesman for Toshiba 
notes, “There is a chance for a happy res- 
olution of the matter with punishment 
falling on the really guilty without hurting 
innocent people in the process.” 

Toshiba still faces a battle, though. It 
must somehow convince congressmen 
that the parent should not be held ac- 
countable for the actions of the child. Fur- 
ther, it must do so in an election year, 
when the U.S. public is growing resentful 
of the Japanese closed-shop tariff system, 
which makes it easy for the Japanese to 
export to the U.S. but almost impossible 
for goods to go back the other way. 

And the fact is not going to be lost on 
congressmen that Toshiba was preparing 
to counteract the export ban’s restrictions
by establishing manufacturing facilities
in the U.S. — and so provide U.S. citizens
with jobs. — MT


Institute: Computer security 
business posts banner decade 


The current decade has seen more data 
security and training companies set up to 
do business than in any 10-year period 
since 1950, according to figures compiled 
by the Computer Security Institute in 
Northboro, Mass. 

The institute, which publishes an an- 
nual buyer’s guide on security products 
and services, recently released its 1988 
edition in which 525 vendors were listed. 
Of that figure, 199 companies were 
launched since 1980. 

“The growth has just been monumen- 
tal,” comments Rick Koening, the insti- 
tute’s associate director. The networking 
of minis and personal computers into a 
communications system is one reason be- 
hind the upswing in business, he says. 

In the 1950s, the security market 
showed a 2% increase of companies 
launched, and those were primarily ven- 
dors of safes for keeping magnetic tapes, 
according to Koening. The 1960s saw a 
5.7% increase, while business activity
heated up in the 1970s with an 11.6% increase.
But from 1980 to 1986, businesses
almost tripled to a stunning 28.4%.

Koening admits it is difficult to trans- 
late the number of companies into a num- 
ber of available products and services. 
However, he does cite certain hot product
categories. On the list are PC security, including
access control and smart cards;
network security, especially for local-area
networks; and security sensitivity training
for internal corporate affairs.

“The current hot button on the PC and
minicomputer fields is good for at least
three to five years,” he estimates. Koening
further observes that demand for
mainframe security is holding steady, ex- 
cept in multivendor networks, in which 
case the demand is rising. 

“A lot of interconnectivity issues have 
[yet] to be resolved,” he adds, referring to 
the relationship between implementing 
security and the push for communications
standards.

Koening, who used to be in charge of 
computer and data security at Union Car- 
bide Corp., stresses that MIS managers 
should have more contact with hardware 
and software companies, talking to them 
about their unique security and compati- 
bility needs. ‘No one denies a solution is 
needed. [But] vendors need to be able to 
justify their development costs,” he says. 

There is an ironic twist to users’ bur- 
geoning interest in security. Koening 
says, “Whenever a bunch of incidents 
about computer viruses gets reported in 
the press, that heats up interest with 
those people who have shelved the securi- 
ty issue.” — HP 




By Rich Tennant 
hand, I could see myself competing for
MIS positions from a smaller pool of eager 
beginners. I prefer the latter. 

Visualize a community college honors 
graduate in electronics and computer 
technology being hired as a DP operations 
technician in charge of the maintenance of 
terminals, printers, modems and all asso- 
ciated cabling. Now visualize that same in- 
dividual, two years later, working as a DP 
operations technician solely in charge of a 
30-station keyphone system, administrat- 
ing a modest superminicomputer and a 
data communications network with 
leased lines spanning two phone compa- 
nies — along with his previous duties as 
an electronics technician. 

Although, in my own mind, my current 
responsibilities touch on the basic con- 
cepts of MIS, the want ads seem to say 
that I don’t have what it takes to make it 
in MIS. What further strengthens this 
sense of insecurity is the fact that the de- 
mand is for people with a degree in com- 
puter science or business while I am con- 
tinuing my education in the evenings in 
electrical engineering/business. 

What does MIS want for the future, an 
engineering/technical base with business 
to fill the gaps or a programming/business 
base with a touch of technology just to 
keep up with the real world? 

John H. Campbell 

DP Operations Technician 
Agrinorthwest 

Tri-Cities, Wash. 


From promoters to resistors: 
MIS changes for the worse 


I am writing in response to the editorial,
“Emotional Feedback,” in the March 2 issue
of Computerworld Focus.

The mental picture that I get of
those interviewed for this piece is of people
with skinny neckties and flattop haircuts
who can’t think beyond 80-card columns.
It is interesting to find out that the
people who during the last 30 years have 
been so instrumental in introducing tech- 
nological change to business are now so 
resistant to the continued growth of these 
technologies. It would appear that their 
interests are purely self-serving and not 
in the interest of the businesses they 
serve. 

Thirty years ago, when we were intro- 
ducing automation to general business on 
a large scale, employees in the production 
and financial departments were asking, 
“Who are these people anyway, coming 
into our departments, telling us how to 
do our work and taking our work away 
from us?” 

Listen to the attitudes expressed by 
some of the people you interviewed. 
They are asking similar questions, aren’t 
they? What goes around, comes around. 

Information systems people are very 
quick to call themselves “professionals.” 
They often perceive their function as a 
line department function. What many of 
them tend to forget is that their function 
in the corporation is a staff function, in 
support of business operations. And un- 
fortunately, much of the business commu- 
nity does not yet accept these people at 
the professional level. Certification of 
these people in technical areas has yet to 
influence hiring and promotion on a wide 
scale. 

If we are to gain the acceptance in busi- 
ness that we desire, we must first get with 
the business. We must quit looking upon 
those in the business areas of our compa- 
nies as users, a description that has come 
to be used in a derogatory fashion. We are 
also users. 

Continued on page 8 
This year’s Uniforum was haunted by the
concept of security.

Uniforum is a Unix trade show, held by
the /usr/group, that took place at the Infomart
exhibition center in Dallas in February.
Most observers said that it was a quiet
show, with only a few major product
announcements.

The obvious action was provided by 
certain big-name vendors, each of which 
was making a bid to be the leader of the 
Unix world. Specifically, the would-be 
kings of Unix included Apple Computer, 
Inc., IBM and Sun Microsystems, Inc. in 
alliance with AT&T. 


The Unix oxymoron 

But there were other, concealed stories 
at Uniforum. Those stories had to do with 
secure Unix and the large number of at- 
tendees from federal and military agen- 
cies. Increasingly, the government is re- 
quiring Unix on its systems, but it is also 
requiring levels of security that Unix was 
simply never designed to provide. “Let’s
face it,” said one attendee, an Air Force
officer who asked not to be named, “until 
recently, secure Unix was a contradiction 
in terms.” 

Unix’s problem with security is that its 
original home was in software develop- 
ment, where openness is a virtue. Most 
Unix systems are meant to allow commu- 
nications, not prevent them. (This quality 
was one of the objections to commercial 
Unix. During the 1980s, observers and 
analysts decried the operating system’s 
lack of file and record locking.) 

However, vendors and standards 
groups are addressing the security issue 
in Unix via a variety of means. Some are 
trying to provide the Unix operating sys- 
tem with security through proprietary re- 
writes of sections of the kernel. Others 
are trying to codify and exploit capabili- 
ties already in Unix that might provide 
greater security. 

X/Open, a London- and San Francisco- 
based standards organization made up of 
Unix vendors, is one of the latter. “The 
thing about Unix,” notes Robert Acker- 
man, X/Open’s chief marketing officer, 
“is that it contains so very many things 
that it is difficult to know exactly what is 
there already. We are attempting to see 
what is in Unix that can provide real secu- 
rity and produce documentation on how 
to use it.”

To this end, X/Open is currently developing
a handbook on Unix security.

Meanwhile, a number of vendors at 
Uniforum displayed new or revised meth- 
ods of making Unix fault tolerant. For ex- 
ample, Tolerant Systems, Inc. in San 
Jose, Calif., showed X.25 software that al- 
lows its fault-tolerant Unix offering, TX, 
to connect to packet-switched data net- 
works. 

However, for many of the exhibitors at 
this year’s Uniforum, the real issue was 
their own financial security, rather than 
that of their products. On the first day of 
the show, within hours of one another, 
three groups — Apple, IBM and the
Sun-AT&T alliance — all made claims to the
leadership of the Unix world. 

The first was Apple, whose Chief Ex- 
ecutive Officer John Sculley gave the key- 
note address. In a multimedia event com- 
plete with a minimovie displaying Apple’s 
conception of the computer of the future, 
Sculley introduced AUX, Apple’s Unix 
implementation for its Macintosh. 


IBM won't be outdone 

Within 30 minutes of the Apple press con- 
ference, IBM staged a competing event in 
which it discussed its strategic directions 
regarding Unix. In the process, IBM an- 
nounced that AIX would be, from hence 
forward, the sole Unix system for Big 
Blue machines and that it would eventual- 
ly be available on IBM’s entire product 
line. 

That evening, Sun, AT&T and main- 
frame maker Amdahl Corp. announced 
that they would be cooperating on a single 
Unix standard. 

Each of these three groups hopes to 
bring Unix deeper into MIS departments. 
In the process, though, they, too, will en- 
counter the security issues that currently 
vex government buyers. Some analysts 
are suggesting that the security of Unix 
will become one of the industry’s chief 
preoccupations. 

“In the end, we all face the same prob- 
lem,” said one Uniforum attendee who 
identified herself only as an employee of a 
government agency involved with intelli- 
gence. “Whether it is electronic funds 
transfer or intelligence data, the goal is to 
keep the wrong fingers out of the right 


The infamous stock market crash of Oct. 
19, 1987 has produced its share of finger 
pointing, with several aimed directly at 
the computer systems used at the New 
York Stock Exchange (NYSE). 

While a congressional committee, 
chaired by Sen. William Proxmire (D- 
Wis.), is studying a wide range of stock 
trading issues following the aftermath of 
the market meltdown, a report already is- 
sued by the General Accounting Office 
(GAO) has tarnished some of the gleam of 
the once-touted exchange computer sys- 
tems. 

The basic thrust of the GAO report 
concentrated on a number of temporary 
breakdowns involving nine of the NYSE’s 
12 computer systems Oct. 19, sometimes 
for as long as 75 minutes, during which 
time trade orders were not being pro- 
cessed. 

“The result,” according to a GAO 
spokesman, “was that about 8,000 orders
were never executed, and based on the in- 
formation we received from the ex- 
change, those orders involved about 
320,000 shares of stock.” 


Not the only hellish day 

It was not just that fateful day in October 
that all hell broke loose. The GAO indi- 
cates that the computers also delayed 
printing orders Oct. 20 and Oct. 21. Once 
the problems began, the GAO says, they 
escalated, causing other problems. 

For example, regional exchanges, in 
such cities as Chicago and Cincinnati, to 
which many orders are directed from the 
NYSE, have a two-minute window in 
which to execute an order. On Oct. 19, 
however, only about one-third of these or- 
ders met the two-minute window. The re- 
mainder backed into the NYSE comput- 
ers and aggravated the situation. 

The NYSE then asked other ex- 
changes not to use the system for an hour 
and 15 minutes, and on Oct. 21, the entire 
system had to be closed for two hours just 
to process the order backlog. 

What caused the problem? First of all, 
the GAO says, the Tandem Computers, 
Inc. fault-tolerant systems and IBM main- 
frames were simply not enough to handle 
the estimated 600 million shares that 
passed through the NYSE on the 19th. 


Those directly involved with Black 
Monday do not dispute that accusation. 
Charles McQuaid, president of Securities 
Industry Automation Corp., the New 
York group responsible for the computer 
systems at the NYSE and American Stock 
Exchange, says that what his organization 
faced between Oct. 16 and Oct. 20 “were 
five successive days when the volume ex- 
ceeded by 10% to 100% the volume of the 
biggest single previous day in the history 
of the New York exchange. 

“Until then,” McQuaid says, “the big- 
gest day had been 300 million shares on 
Jan. 23, 1987.” 


Preparing for the future 

According to McQuaid, the NYSE testi- 
fied before the Proxmire commission that 
it was preparing for somewhere between 
425 million and 450 million shares by 
year-end 1987 and that 600 million 
shares were on the horizon for 1989 or 
1990. 

“You have to keep it in context,” 
McQuaid argues. “We had problems with
the systems, but under the circumstances,
they came through marvelously.”

Dave Kelly, president of New York- 
based National Securities Clearing Corp., 
which handles all the clearing of traded 
shares on the New York, American and 
over-the-counter exchanges, also jumps 
to the defense of the status quo. 


Big bucks 

“We did about $60 billion worth of activity
on Oct. 19 for settlement on Oct. 26,”
according to Kelly. “After the biggest 
trading day in history, after everything 
washed through the system, we only 
wound up with a fail change of 
$200,000.” 

Both McQuaid and Kelly agree, however,
that there is room for improvement,
and some of the GAO recommendations 
involving beefing up the processor and 
storage capacity of the computers have 
already been implemented. 

“What this has done is focus the atten- 
tion of Congress and the nation on vital is- 
sues surrounding the exchanges,” 
McQuaid explains. “That’s going to lead 
to long-term, positive changes.” — SK 
places.” — MT
Letters 
We must learn to accept the
fact that, because we are con- 
tinuing to educate students to 
acquire business degrees and to 
follow business goals but also to 
have technical knowledge, these 
graduates will enter business 
knowing how to solve business 
problems with technology and 
without our help. 

We must acknowledge the
fact that just as we were the instruments
of change, so must we
be open-minded to the inevitable 
change that will happen to us. 
We must supplant our own departmental
goals with those of
the corporation. Only when we 
do this will we grow. Only when 
we become part of the corporate 
team will we be accepted. 
Gustave Neuss III 
Cincinnati 


Another reason LANs 
will overtake minis 


Add this to the reasons why local-area
networks will overtake minicomputers in
departmental computing [“Are the mini’s days
numbered?,” CW Focus, March 2]: LANs can
now run the same applications as
minicomputers.
This ability is possible thanks 
to software that emulates the 
IBM System/36 environment on 
IBM-compatible personal com- 
puters and LANs. One such soft- 
ware product is California Soft- 
ware Products, Inc.’s Baby/36. 
Up to now, some users were 
forced to choose minis because 
that was all their chosen applica- 
tions would run on. With the abil- 
ity to port minicomputer applica- 
tions to LANs, Baby/36 software 
Mark Toennisson 
California Software
Products, Inc.
Santa Ana, Calif. 
one millisecond to recover from
a hardware failure. At $2,000, 
the IBM Personal Computer 
XT-based machine is priced 
right, and Fail-Safe is slated to 
soon introduce Intel Corp. 
80286- and 80386-based mod- 


puter passwords as well as oth- 
er basically inadequate security 
methods now widely used in the 
commercial market. 


Come one! Come all! It’s 
IBM’s traveling OS/2 show 
Taking its cue from a World 


War II recruitment poster, IBM 
wants you — to sign up for its 
Personal System/2 micros and
OS/2 operating system. 

IBM is midway through a 
three-month recruitment drive 
it is calling the PS/2 OS/2 Ap- 
plications Forum. The road show 
has 13 cities on its itinerary, 
and IBM is not traveling alone. 
Seven software developers 
have signed on to help IBM 
spend two or three days each 





week giving demonstrations to 
regional IBM marketing per- 
sonnel, Fortune 1,000 accounts 
and dealers. 

The road show is a follow-up 
to IBM’s forum on PS/2 hard- 
ware held last fall. 

IBM’s software traveling 
companions that are swearing by 
the OS/2 system are as follows: 
Torrance, Calif.-based Ashton- 


Tate Corp.; Borland Interna- 
tional, Inc. in Scotts Valley, 
Calif.; Micropro International 
Corp., located in San Rafael, 
Calif.; Redmond, Wash.-based 
Microsoft Corp.; Novell, Inc. in 
Provo, Utah; Mountain View, 
Calif.-based Software Publishing 
Corp.; and Z-Soft Corp. in Mari- 
etta, Ga. All coming to a venue 
near you. — SK 


els. 

Ironically, Fail-Safe intro- 
duced its systems at the recent 
Armed Forces Communica- 
tions Electronics Association 
show in Anaheim, Calif. It is 
ironic because fault-tolerant 
technology cut its teeth in the 
aerospace industry but has long 
since high stepped it into the 
glamour of the commercial mar- 
ket, and Fail-Safe is no excep- 
tion. 

To make the FS 66 reliable, 
Fail-Safe says it has rigged a sys- 
tem consisting of two PCs, each 
in its own box, sharing a common 
chassis. Each personal comput- 
er also has its own electronically 
isolated motherboard and pow- 
er supply. 


Spies scour U.S. data bases 
looking for likely victims 
On the spy front, it seems for- 
eign agents could be busy pene- 
trating data bases of large U.S. 
credit bureaus such as Cleve- 
land-based TRW, Inc. and Chil- 
ton Corp. in Dallas. These felons 
are looking for the names of 
people who might have both ac- 
cess to classified information 
and personal financial problems, 
according to a report issued by 
the U.S. House Armed Services 
Committee. 

U.S. Department of Defense 
officials are worried that credit 
data bases can provide informa- 
tion on whether a person has 
U.S. government security 
clearance. 

That is a bad enough scenar- 
io, but if the data base also re- 
veals that the person is in poor 
financial condition, foreign 
agents could use the combina- 
tion to exploit that person’s 
problems to their own advan- 
tage. That could spell national 
security trouble. 

A DOD spokesman indicated 
that it would not be too difficult 
for such miscreants to gain ille- 
gal access. All they would need is 
a legitimate customer pass- 
word to get inside and, with 
thousands of existing custom- 
ers, that could be easier than it 
appears. 

Though an extreme case, 
these problems at the credit bu- 
reaus might help to point out 
the problems inherent with com- 


Are your capital,
marketing strategy & 
trade secrets safe? 


Take this test! 


Did you know that as a Director 
of your company you may be 
financially liable for the misuse 
of your company’s data? 


Would your competition place a 
“worm” in your system? 
How would you know if someone
breached your system? 

What would happen to the stock 
price of your company if someone 
breached your system, and the 
press found out? 


Could an employee with previous 
access gain entry one day 
after termination? 


How would you know if a “hacker”
had been trying to break into your 
system during the last six months? 


Have you changed the password on 
your system within the last 30 days? 
Does even one of your employees
post the password on their monitor 
or modem so a visitor could see it? 


Is it possible your competition 
could bribe one of your employees 


to gain access? 
If you don't like the answers you’re coming
up with, give us a call.
We've got a good one!



News section compiled and 
written by Computerworld 
Focus staff members Stan 
Kolodziej, Helen Pike and Mi- 
chael Tucker. 


LeeMah 

DataCom Security Corp. 

3948 Trust Way 

Hayward, CA 94545 
MANAGER'S
CORNER 


Protection from 
the pink slip 


Jim Young 


I feel a profound sense of irony
whenever I reflect on what attracted
many of today’s MIS professionals to
the field. As recently as 10 
years ago, people whom I taught 
or interviewed gave a variety of 
reasons for their career choice 
— from rapid advancement to 
the ability to work independent- 
ly. While many of these motiva- 
tions may have lost some of their 
validity, no reason seems quite 
so hollow as that given by many 
acolytes — that of job security. 
Indeed, many people changed 
careers just for the aura of pro- 
tection that a job in the computer 
field suggested. 

Yet in the years of 1981 and
1982, companies in difficulty
ceased protecting MIS resources
from the freezes and reductions
that plagued other departments.
Even industries in which MIS
historically provided backbone
services, such as insurance,
banking or financial services,
recently have witnessed a
decimation of their MIS ranks.
Each headline seems to bring
vicarious trauma as more bad
career news emerges. Clearly,
the MIS profession has lost its
cachet of protection.

Young is managing director of MIS for
the Wheeler Group, a division of Pitney
Bowes, Inc. in Hartford, Conn.

Unfortunately, the trend to- 
ward disposable MIS is not con- 
fined to companies with econom- 
ic difficulties. The rise in 
acquisitions has forced or, in 
some cases, inspired, MIS-relat- 
ed consolidation or elimination. 
Even the threat of hostile take- 
over can provoke some organiza- 
tions to perform shortsighted, 
panic-prompted emergency sur- 
gery. 

On an objective level, such ac- 
tions are unfortunate because 
they treat MIS as ballast or ex- 
cess baggage. Even more signifi- 
cantly, the dismissals of MIS 
staff ignore the curative contri- 
butions that MIS could make. 
However, as the maxim states, 
“If you are not part of the solution,
you are part of the problem.”
MIS may be somewhat culpable
by not putting itself in a more
constructive position. Yet a 
postmortem is small condolence 
for those workers personally af- 
fected. It is at this more subjec- 
tive level that involved MIS pro- 
fessionals are forced to 
concentrate their assessment. 

The important question for
anyone facing treacherous
circumstances is, “How do I
minimize the risk?” The following are
some steps that help lower the
risk without compromising
professionalism:
• Adjust to changing company
values. Organizations are
becoming more demanding of 
functions like MIS and, in turn, 
the people that perform these 
functions. Intangible qualities 
like loyalty or institutional expe- 
rience are being heavily dis- 
counted in favor of bottom-line 
benefits. Under pressure, top 
management is unlikely to give 
much credence to undemon- 
strated potential. Specific and 
ongoing contributions to cost 
savings or growing revenue 
streams are the coin of the 
realm. MIS professionals need to 
ensure that their performance 
can be translated into these 
terms and that this role is visible 
and well established. It is not 
that loyalty and institutional
knowledge are unimportant but 
rather that these benefits can no 
longer be relied upon solely to 
justify a professional’s existence 
in a
• Stay versatile. In times
when organizations must stay 
light on their feet, it is helpful if 
the supporting professionals can 


contribute to the organization’s 
flexibility. This means being psy- 
chologically prepared for change 
and proficient enough to accept 
alternate or additional assign- 
ments. It also includes being suf- 
ficiently responsive to execute 
necessary redirections quickly, if 
not spontaneously. As MIS pro- 
fessionals, we have a special 
challenge to stay technically ver- 
satile. Interestingly, this de- 
pends as much on our mental at- 
titude as on specific training. 
Professional curiosity, transfer- 
ence of knowledge and intellec- 
tual alertness count for a lot 
here. 
• Stay cosmopolitan. Another
area that is a state-of-mind
issue is the perception of our
universe. A dangerous trap to fall
into is allowing one job or one or- 
ganization to become a boundary 
containing our professional ca- 
reer. While it is probably not 
necessary to cure organizational 
claustrophobia by jumping ship, 
a more healthy attitude can be 
generated by at least expanding 
our professional horizons. 
Develop contacts with profes- 
sionals outside of a restricted 
community. Through other pro- 
fessional activities, MIS people 
can increase their awareness of 
other organizations, other tech- 
nologies, even other careers. 
Just as travel is said to broaden 
people’s horizons, so, too, will
professional sojourning build a 
beneficial sense of perspective 
and reassure us of alternatives. 
Even the therapy of adding ac- 
complishments to a resume can 
help wean us of a psychological 
dependence on the increasingly 


Q AND A

forged by anyone else.


Jerome Saltzer, Ronald Rivest 


A lesson in perseverance: MIT computer science professors study
ways to maintain data integrity 


Jerome Saltzer and Ronald
Rivest are computer science
professors at MIT in Cambridge, 
Mass. Each has an interest in 
data security. But beyond that 
similarity, their disciplines di- 
verge. 

Saltzer is technical director of 
Project Athena, a 5-year-old re- 
search program that is develop- 
ing interactive computing meth- 
ods for education. For the last 18 
months, Saltzer has been in- 
volved in designing a modus ope- 
randi for network authentica- 
tion. Named Kerberos after the 
three-headed dog that guards 
the gates of hell in Greek my- 
thology, it follows a development 
path analogous to Project Athe- 
na’s X Windows graphical inter- 
face. MIT would like to see Ker- 
beros become a de facto industry 
standard. 

Rivest has spent the last 10 
years exploring the intricacies of
encrypting data as a means of se- 
curing it. In addition, he is a 
founder of RSA Data Security, 
Inc. in Redwood City, Calif., one 
of the earliest firms to write pub- 
lic-key encryption and authenti- 
cation software for commercial 
use. Public key is an encryption 
algorithm that protects private 
communications within a net- 
work. The decryption algorithm 
is provided by a private key. 

In separate interviews, each 
professor talked with Senior 
Writer Helen Pike about his re- 
spective method for maintaining 
data integrity. 


What is the sta- 
tus of data en- 
cryption? 

RR: During the last couple of years,
data encryption has really picked up
tremendously in the commercial area. The
new public-key technologies are 
really starting to take off. 


Is there a development in 
technology that dovetails 
the academic with the 
commercial interest? 

RR: I think the development of 
the workstation and the develop- 
ment of the network are the two 
primary forces. Additionally, 
there are a lot of things you can 
do with public-key technology 
that you can’t do with conventional
technology.

One of these [capabilities] I 
find most exciting and interest- 
ing is a digital signature. You can 
take your workstation and write 
a memo and effectively sign it by 
adding an electronic digital sig- 
nature to the end of the file. This 
signature can be verified but not 




Is this the type of signa- 
ture that we have come to 
associate with a pen and 
pencil? 

RR: It is not a pen and pencil 
thing. It’s an electronic analogy 
of that. Doing business electron- 
ically without cryptographic pro- 
tection or digital signatures is 
very much like doing business on 
typed postcards. 


Do you use the keyboard 
or a mouse to enter the 
signature? 

RR: You use your workstation to 
compute your digital signature 
for a message by applying a se- 
cret function that only you know. 


Would a personal comput- 
er or minicomputer be 
able to do this also? 

RR: Sure. The computational re- 
quirements are very modest. 
There are, for example, soft- 
ware packages commercially 
available that allow one to sign 
messages using an ordinary PC. 
With a mini, it’s even easier. 


Can the signature’s securi- 
ty be broken? 
RR: In principle, any such code 


dismal prospects in MIS. 

• Do not become paranoid.
Despite personally discouraging 
circumstances, there is every 
reason to maintain an optimistic 
outlook. While many areas have 
been affected by breaks in our 
discipline’s earlier track record 
of job security, fortunately the
trend is not universal. Many or- 
ganizations that are retrenching 
now will recover, giving employ- 
ees nothing more serious than a 
good scare. It would be a shame 
if the MIS professionals involved 
took needlessly desperate ac- 
tion. Even for professionals in 
organizations that cannot recov- 
er unscathed, desolation is not 
warranted. 

In general, projections still
paint an attractive picture for 
our profession. It is just becom- 
ing more obvious that participa- 
tion in this rosy scenario may re- 
quire some inconvenient and 
even painful personal rethinking. 
The changing scene may mean 
one or more job changes. It may 
require a redefinition of the role 
MIS plays within organizations. 
It might even influence a career 
decision. For example, an in- 
creasing need for seamen help 
as opposed to in-house technical 
talent is guiding more people 


is clear that an MIS career is not 
the milk run it used to be. How- 
ever, it can still be quite reward- 
ing, provided we learn to roll 
with the punches dealt by to- 
day’s harsh conditions. Better 
yet, the right career positioning 
and the right attitude can avoid 
these punches altogether. 


can be broken, but it might re- 
quire billions of years of comput- 
er time on our fastest supercom- 
puters. 


Is data encryption making 
an MIS manager's life eas- 
ier or harder? 

RR: Generally, it makes it harder 
day to day in the sense that there 
are more things to manage. But 


it’s certainly easier in the long 


run in that you are avoiding cer- 
tain kinds of disasters that come 
once in a while when somebody 
penetrates the system. 


Are MIS managers coming 
in to help write the soft- 
ware or are they sending 
network managers in to 
do this? 

RR: It depends on the structure 
of the company — who first per- 
ceives the need for cryptograph- 
ic security and [then] acts on it. 


Are there any competitors 
to public key? 
RR: Public key incorporates a lot 
of different things. Within public 
key, there may be some varia- 
tions, but in terms of basic tech- 
nology, there isn’t any alterna- 
tive. 



What is the best approach for us- 
ing public key? 

RR: Public-key technology is most appli- 
cable in a distributed, decentralized 
networked environment. Using conven- 
tional techniques can sometimes work 
OK, especially in a small or highly central- 
ized system. 


If distributed processing becomes 
more prevalent, will we probably 
see more public-key implementa- 
tion? 

RR: Yes, absolutely. 


What was the thinking
behind Kerberos?

JS: Whether you are trying
to do something that goes
under the roof of distributed
processing, or a remote login
or a file transfer, you still
have the same need at the bottom: to
know for sure that your correspondent is
the person you think you’re talking to.

The fundamental issue is if we’ve got 
two activities that are better separated 
with a network in between them, [then] 
we need a way for the two activities to 
know that each is authentic. That’s what 
Kerberos provides. 

Authentication is a requirement we 
had to do in order to be able to deliver net- 
work services to the students. The next 
step was to figure out what computing fa- 
cilities they wanted, such as being able to 
pick up mail and have remote files. 

The way Kerberos works is when you 
go to the system, it gives you a ticket that 
is ciphered with your password and you 
decipher it. You use this ticket, and you go 
to the service. 

The first thing you do when you log in 
is you send a message to Kerberos saying 
you want to use the post office. Kerberos 
sends back a string of bits that consists ap- 
proximately of your name enciphered and 
the post office password. 

The idea is that I can get to the post of- 
fice, and the post office finds it can deci- 
pher the ticket. The reason it can deci- 
pher it is because I got the ticket from 
Kerberos. So it knows for sure that it’s 
me. That’s the overall idea that’s in- 
volved. 


Why is that idea important in a 
networked environment? 

JS: When a client requests a service 
across the network, the service needs to 
know who the client is. Authentication is 
basically just verifying the identity of the 
client. 


What was Kerberos’s origin at 
Project Athena? 

JS: During the last several years, there 
have been a number of protocols. . . . We 
adopted a variation of one . . . [the above- 
mentioned post office concept]. Having 
adopted that variation, we have imple- 
mented a server that provides a service of 
checking a user’s identity. Then, we made 
changes to several of the network service 
protocols to make them use Kerberos au- 
thentication. 

For example, we use a mail system 
complete and ready to use from Santa 
Monica-based Rand Corp. The only thing 
that was not adequate about it was that it 
did not check the identity of the user
asking for mail.

So we have modified it to use Kerberos 
authentication. When you ask for mail, it 
checks to see that you are the person 
whose mail you're asking for. That’s the 
essence of what we did. We have modified 
the [Sun Microsystems, Inc.] Network 
File System to require Kerberos authen- 
tication before it allows you to attach to 
your remote file directory. 

We have also modified the remote login
features of University of California at
Berkeley Unix 4.2 to be mediated by
Kerberos.

This is an example of a network service 
and a facility that we could not find off the 
shelf from any of our vendors or from any 


other source. That is why we felt it neces- 
sary to develop it. 


Is it Project Athena’s intent to 
make Kerberos available to the 
commercial field? 

JS: We do intend to make it available to 
the world one way or another, but we 
haven’t decided how. And we do want to 
encourage its use as a standard if that’s 
possible. 


When will it be available outside 
of MIT? 

JS: I’m not sure of the exact timing, be- 
cause we went through 11 iterations of X 
Windows before we finally got to the 
stage at which we were convinced that 


the right thing to do was to push it out to 
the world. 

I don’t know how many more itera- 
tions we have ahead of us for Kerberos. 
It’s on its second iteration. 


Have you found that there has 
been a lot of outside interest in 
this effort? 

JS: Yes. Actually, we’ve found that some 
people have been quite interested in it. 
Whenever it’s mentioned, we find that 
people immediately begin asking ques- 
tions. 

There is no question there is a problem 
here for which we have to come up with a 
solution. That’s why we put the system 
together. 
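
The ticket flow Saltzer describes above, as an added sketch that is not from the article and is not MIT's Kerberos code: the server seals a reply under the user's password-derived key, and inside it a ticket sealed under the post office's key. The `seal`/`unseal` helpers are a toy hash-based stand-in for a real cipher, and the names, the timestamped authenticator and the five-minute lifetime are assumptions of this example.

```python
import hashlib
import hmac
import json
import os
import time

# Toy authenticated cipher built from hashlib/hmac so the example runs with the
# standard library only. It stands in for a real cipher; do not reuse it.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hashlib.sha256(label + key).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (length + 31) // 32
    stream = b"".join(
        hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        for i in range(blocks)
    )
    return stream[:length]

def seal(key: bytes, message: dict) -> bytes:
    """Encipher a JSON message under key and append an integrity tag."""
    plaintext = json.dumps(message).encode()
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def unseal(key: bytes, blob: bytes) -> dict:
    """Decipher a sealed message; raise ValueError on a wrong key or tampering."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered message")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return json.loads(bytes(c ^ s for c, s in zip(ciphertext, stream)))

def key_from_password(name: str, password: str) -> bytes:
    """Long-term key derived from a password (salted with the principal name)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), name.encode(), 100_000)

class Kerberos:
    """Authentication server: the only party that knows every long-term key."""
    def __init__(self):
        self.keys = {}

    def register(self, name: str, password: str) -> None:
        self.keys[name] = key_from_password(name, password)

    def issue(self, client: str, service: str, lifetime: int = 300) -> bytes:
        session_key = os.urandom(32)
        # The ticket is readable only by the service.
        ticket = seal(self.keys[service], {
            "client": client,
            "session_key": session_key.hex(),
            "expires": time.time() + lifetime,
        })
        # The reply is readable only by someone who knows the client's password.
        return seal(self.keys[client], {
            "service": service,
            "session_key": session_key.hex(),
            "ticket": ticket.hex(),
        })

def client_open_reply(client: str, password: str, reply: bytes):
    """Client side: decipher the reply with the password, build an authenticator."""
    body = unseal(key_from_password(client, password), reply)
    session_key = bytes.fromhex(body["session_key"])
    authenticator = seal(session_key, {"client": client, "time": time.time()})
    return bytes.fromhex(body["ticket"]), authenticator

def service_accept(service_key: bytes, ticket: bytes, authenticator: bytes,
                   max_skew: float = 60.0) -> str:
    """Service side: return the authenticated client name or raise ValueError."""
    granted = unseal(service_key, ticket)  # succeeds only if Kerberos sealed it
    if granted["expires"] < time.time():
        raise ValueError("ticket expired")
    proof = unseal(bytes.fromhex(granted["session_key"]), authenticator)
    if proof["client"] != granted["client"]:
        raise ValueError("authenticator does not match ticket")
    if abs(time.time() - proof["time"]) > max_skew:
        raise ValueError("stale authenticator")
    return granted["client"]

if __name__ == "__main__":
    # Constructed principals and passwords, for illustration only.
    kdc = Kerberos()
    kdc.register("alice", "constructed-sample-password")
    kdc.register("postoffice", "constructed-service-secret")
    reply = kdc.issue("alice", "postoffice")
    ticket, auth = client_open_reply("alice", "constructed-sample-password", reply)
    print("post office sees:", service_accept(kdc.keys["postoffice"], ticket, auth))
```

The password never crosses the network in this flow: the post office trusts the client name because only Kerberos could have sealed the ticket under the post office's key.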


It can't happen here...
Blasé attitudes spell trouble


BY PATRICIA KEEFE 


Computer crime is a lot like any other kind of crime,
particularly when it comes to the blasé attitudes
prevalent among would-be victims. Everyone assumes
it can’t happen to him, whether it be robbery, rape or
unauthorized access to sensitive data.

Yet even the most optimistic among us takes certain pre- 
cautions. We don’t wander the streets alone at night. We don’t 
flash wads of bills in front of strangers, and we routinely lock 
our doors and windows. Sure, it requires a little effort, but 
common sense, abetted by a daily dose of screaming head- 
lines, assures us the expenditure is worth it. 

But to hear security consultants tell it, the fearless business 
world could use a good dose of that same common sense. 

Implementation of computer security programs is highly in- 
cident-driven, says Carl Jackson, a computer security special- 
ist with Ford Aerospace Corp. in Newport Beach, Calif., and 
past president of the Information Systems Security Associa- 
tion (ISSA). This means the Fortune 1,000 appears unwilling 
to give much thought to security unless, for instance, a major 
security breach involving a competitor receives significant 
media play. 

“Our best clients are the ones that were just ripped off,” 
adds Donn Parker, a computer security consultant with SRI 
International in Menlo Park,
Calif. 


It is unclear what percentage 
of firms in the Fortune 500 have 
data security officers in place. 
One long-time security consul- 
tant says he believes most of 
these companies at least have 
begun to look at security issues. 
Other consultants find that trend 
optimistic. 




There are exceptions, of 
course. Some industries are ei- 
ther mandated by law to secure 
their data or are bound by what 
is referred to as “a high standard
of care.” 

These industries include gov- 
ernment offices, defense con- 
tractors, financial institutions, 
insurance companies, as well as 
automakers and cosmetic and
toy vendors, which rely on trade
secrets to stay competitive, says 
computer security expert Rob- 
ert E. Johnston, a senior manag- 
er with Advanced Information 
Management, Inc., a consulting 
firm in Woodbridge, Va. 

Even so, “security considerations
are normally not a primary
factor in DP strategy,” observed
a recent report on data


security, entitled “Information 
Security Products and Services 
in the U.S.” (#A1753), from 
New York-based market re- 
searcher Frost & Sullivan, Inc. 
This attitude is especially un- 
fortunate given that few victims, 
often ripped off to the tune of 
hundreds of thousands — even 
millions — of dollars, are willing 
to go public with such embarrassing
news. As a result,
Parker, who has about 2,000 do- 
cumented cases on file, says it is 
difficult to provide valid numbers 
on the extent of computer crime. 

So if you have been lulled by 
the seemingly low incidence of 
high-tech crime, you should run, 
not walk, to the nearest risk 
analysis package and figure out 
just what you stand to lose. Be- 
cause if you think your data is 
safe, think again. 


Revenge of the nerds 
What’s more, you can forget the 
“revenge of the nerds” theory: 
Most security breaches are not 
committed by outside hackers 
but, rather, come from within a 
corporation. Actually, this situa- 
tion is to be expected. To gain 
access, hackers, aided by “de- 
mon dialers” (devices that keep 
dialing successive numbers in 
search of a modem signal), still 
need a lot of luck to guess two 
passwords correctly. Besides, al- 
though the hackers you read 
about are those who steal credit 
card numbers and damage cor- 
porate data banks, most security 
consultants and data security of- 
ficers view the average hacker 
as someone in benign pursuit of 
an intellectual challenge, not ma- 
licious damage. 

Whether security breaches 
are committed by internal or ex- 
ternal culprits, they are helped 
immensely by the trend toward 
connectivity. The explosion in 
networking, coupled with the de- 
centralization of information, 
will put host data access into the 




hands of an unprecedented num- 
ber of microcomputer users dur- 
ing the next five years. Because 
greater access leads to greater 
vulnerability, decentralization 
necessitates that responsibility 
for security increasingly will be 
placed into the hands of users. 
All of which will place a corpora- 
tion in the awkward position of 
having to trust the very people 
from which it is trying to protect 
itself. 

Who are these users? Obvi- 
ously not the majority of employ- 
ees. Security consultants point 
to several kinds of perpetrators, 
as follows: 
• The ignorant. This group includes any user who accidentally
wanders into the wrong files, unintentionally deletes or writes
over information or creates any kind of error likely to result in
downtime and expensive, corrective measures. This type of breach
makes up the bulk of security problems, consultants and data
security officers agree. Data security officers responding to a
1987 Ernst & Whinney survey and a recent report from International
Resource Development, Inc. in New Canaan, Conn., identified
unauthorized employees as the greatest threat to security.
• The disgruntled. Angry employees seeking revenge may either
abscond with sensitive information or deliberately destroy data or
equipment. These people are not usually concerned with hiding
their handiwork.
• The financially savvy. These users possess the know-how, that
is, the knowledge of accounting and financial systems, to alter
data, steal money and cover their tracks. Not necessarily computer
literate, they nonetheless possess the access required to pull off
a scam. In some cases, it can be years and millions of dollars
later before their crimes are detected. (See story this page.)

With employees like this, MIS barely 
has time to worry about its enemies. It 
has been an uphill battle, but many companies
are beginning to get the point. As awareness
rises, so do purchases of security
equipment and software.

The Frost & Sullivan report broke se- 
curity purchases down into four areas and 
predicted the following figures: The first 
area is mainframe security, at $102 mil- 
lion in 1988, jumping to $144.5 million in 
1992; second is computer security, at 
$145 million in 1988, almost doubling in 
1992 to $263 million; third is network se- 
curity, at $202 million in 1988, moving up 
to $224 in 1992; and fourth is security 
services, at $139 million in 1988, rising to 
$319 million in 1992. 

Overall expenditures for security pur- 
chases are expected to total $588 million 
in 1988, virtually doubling to $950.5 mil- 
lion in 1992, the report predicted. 

Knowing the enemy is perhaps less im- 
portant than knowing what you have to 
lose. It seems few companies outside the 
long arm of government regulation have 
bothered to assess and classify what the 
security industry considers a company’s 
most valuable asset — data. 

Many companies that fear for their 
data are opting to turn the task of protec- 
tion over to specialists. The ISSA boasts 
approximately 1,000 members and is 
working toward setting some profession- 
al standards for data security officers. 
This setting of guidelines is important, 
notes one security consultant who claims 
he never knows what to expect when first 
contacting a client’s data security officer. 
Experience levels vary widely for such a 
critical post, he claims. 

Smaller companies that cannot justify 
the expense of in-house security person- 
nel are fueling the growth of the security 
services industry, says Lawrence Dietz, a 
vice-president with Coin Financial Sys- 
tems, a systems integrator in Norcross, 
Ga., and a project director for Frost & 
Sullivan. He is also the author of the Frost 
& Sullivan report on information security. 
Dietz explains that to provide security, 
these firms have two choices: go to tradi- 
tional consultants or hire hackers, a very 
controversial trend. 

Following convictions, some high-tech pirates have gone legitimate
with consulting services aimed at their former targets. This
turncoat maneuver makes perfect sense to some consultants, who
often hire former pirates unbeknownst to their clients. “A hacker
is the data security officer’s best friend,” says one security
veteran, who asked not to be named.

But that idea outrages some ISSA members, including Ford
Aerospace’s Jackson, and other security consultants. They see it as
akin to letting the fox into the henhouse. “It is horrible,
terrible and irresponsible and a dangerous thing to do,” SRI’s
Parker exclaims. “These people have already proven at least once
that they are of a criminal persuasion.”

For those not so willing to unlatch the coop, further guidance is
available from the National Computer Security Center in Fort Meade,
Md. The center puts out a number of security books, the most
well-known of which is the “Orange Book.” The book recommends
procedures for compartmentalizing data, Jackson says. “The idea is
that by separating data into a variety of boxes, you make access
more difficult,” he explains. Soon to come is the “Brown Book,”
which provides similar guidance but is network specific.


Lessons learned the hard way


WHO AMONG US DOESN’T LIKE a good thriller now and then? Because
people very often have difficulty relating abstract warnings to
their own situation, it can take a sobering report about someone
else’s brush with terror to bring the point home. And let’s face
it, the bottom line for any business is profit and reputation. With
that in mind, the painfully expensive examples below should widen
the eyes of any hardened executive, if not strike fear deep into
the heart of his system.

• Security Pacific National Bank of Los Angeles suffered a $7
million loss when someone tampered with its electronic funds
transfer system, but the bank didn’t find out about the breach
until notified by the Federal Bureau of Investigation that it “had
a problem.”

• Persons inside and outside of Volkswagen AG in Wolfsburg, West
Germany, manipulated the books to cover up an estimated $259
million in trading losses on foreign currencies. Although the loss
occurred in 1984, it was not discovered until March 1987.

• Tyson Jolliffe, an official in charge of computer security for
the Immigration and Naturalization Service, took advantage of his
access to create fake immigration documents, which he then sold to
illegal aliens. Jolliffe and his cohorts earned at least $800,000
before the scheme was uncovered. He is now serving a five-year jail
sentence.

• In a survey conducted by Ernst & Whinney at the 1987 annual
conference of the Northboro, Mass.-based Computer Security
Institute, more than 50% of 562 respondents said they had suffered
financial losses via tampering with their computer systems. Another
12% estimated those losses at between $50,000 and $500,000.

It may do well to remember a maxim from the internal computer
security policy of Newport Beach, Calif.-based Rockwell
International Corp.: “Recipe for Big Trouble — Use remote-access
distributed data systems to electronically transfer information
among separate locations. Mix in millions of personal computers.
Sprinkle with a computer-wise generation.” — Patricia KEEFE


On the defensive

Regardless of who is appointed to monitor and administer security
measures, organizations are advised to locate their weakest point
and most sensitive data and to build out from there.

According to Parker, the most common type of computer abuse is
“data diddling,” or manipulation. In response, users will find an
array of control applications on the market to forestall, if not
prevent, that activity. Among the tools Parker recommends are floor
limits, which require that transactions exceeding a set amount be
checked or reported; reasonableness controls, which involve
checking data for unusual patterns or input deviations from normal
activity; integrity checks; cross-footing, that is, totaling
figures across the top and bottom of a matrix; and backup.

Possibly the simplest step, separation of duty, is also effective.
“I call it the ‘maker, checker, signer’ rule,” Parker says,
referring to a method of safeguarding sensitive documents by
sharing responsibility.
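
The controls Parker lists above (floor limits, reasonableness checks, cross-footing) and his "maker, checker, signer" rule, sketched as an added Python example that is not part of the original article. The thresholds, account and employee names, and all figures are constructed assumptions.

```python
"""Added illustration: the data-diddling controls named in the article.
All thresholds, names and figures below are constructed for the example."""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Optional

FLOOR_LIMIT = 10_000   # assumed policy: amounts above this are checked or reported
Z_THRESHOLD = 3.0      # assumed: flag amounts over 3 standard deviations from normal


@dataclass
class Transaction:
    txn_id: str
    account: str
    amount: int                    # whole dollars, to keep the arithmetic exact
    maker: Optional[str] = None    # who entered the transaction
    checker: Optional[str] = None  # who verified it
    signer: Optional[str] = None   # who authorized it


def exceeds_floor_limit(txn, limit=FLOOR_LIMIT):
    """Floor limit: anything over the set amount must be checked or reported."""
    return txn.amount > limit


def is_unreasonable(txn, history, z=Z_THRESHOLD):
    """Reasonableness control: compare the amount with the account's normal activity."""
    past = history.get(txn.account, [])
    if len(past) < 3:
        return True   # no baseline yet, so send it for review
    mu, sigma = mean(past), pstdev(past)
    if sigma == 0:
        return txn.amount != mu
    return abs(txn.amount - mu) / sigma > z


def duty_violations(txn):
    """Separation of duty: maker, checker and signer must be three different people."""
    roles = {"maker": txn.maker, "checker": txn.checker, "signer": txn.signer}
    problems = [f"missing {role}" for role, who in roles.items() if not who]
    people = [who for who in roles.values() if who]
    if len(set(people)) != len(people):
        problems.append("same person holds two roles")
    return problems


def review(txn, history):
    """Run every per-transaction control and return the list of findings."""
    findings = []
    if exceeds_floor_limit(txn):
        findings.append("floor limit")
    if is_unreasonable(txn, history):
        findings.append("reasonableness")
    return findings + duty_violations(txn)


def cross_foot(cells, row_totals, col_totals):
    """Cross-footing: recompute row and column sums and compare them with the
    recorded totals. An altered cell shows up where a bad row meets a bad column."""
    bad_rows = [i for i, row in enumerate(cells) if sum(row) != row_totals[i]]
    bad_cols = [j for j, col in enumerate(zip(*cells)) if sum(col) != col_totals[j]]
    return bad_rows, bad_cols


# Constructed sample data
HISTORY = {"ACCT-1": [1200, 1500, 1350, 1400, 1250]}
SAMPLE_TXNS = [
    Transaction("T1", "ACCT-1", 1300, "alice", "bob", "carol"),   # normal
    Transaction("T2", "ACCT-1", 25000, "alice", "bob", "carol"),  # far above normal
    Transaction("T3", "ACCT-1", 1450, "dave", "dave", None),      # one person, no signer
]
LEDGER = [[100, 200, 300], [400, 500, 600], [700, 800, 900]]
ROW_TOTALS = [600, 1500, 2400]
COL_TOTALS = [1200, 1500, 1800]

if __name__ == "__main__":
    for txn in SAMPLE_TXNS:
        print(txn.txn_id, review(txn, HISTORY) or "ok")
    tampered = [row[:] for row in LEDGER]
    tampered[1][2] = 6600          # one figure altered, recorded totals untouched
    print("cross-foot:", cross_foot(tampered, ROW_TOTALS, COL_TOTALS))
```

Cross-footing only catches an alteration when the recorded totals are kept out of reach of whoever can change the cells, which is the same separation of duty the maker, checker, signer rule enforces.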

Because inadvertent errors remain the 
most costly and frequent of all security
breaches, more and more vendors are 
building safeguards, such as decision 


checks, multiple levels of passwords and 
access control, into their software pack- 
ages and operating systems. 

Security certainly is not new to main- 
frame vendors or users, nor does it seem 
to be much of an issue unless personal 
computer manipulation of host
data is involved. In fact, a major 
selling point of several IBM op- 
erating systems is their security 
features. 

Overall, the mainframe secu- 
rity market is pretty much sewn 
up by three packages: IBM’s 
RACF and Computer Associates 
International, Inc.’s Top Secret 
and ACF2. 

In contrast, the personal com- 
puter security market is wide 
open with an anticipated annual 
growth rate of about 10% a year, 
according to Frost & Sullivan. A 
swarm of small start-ups offer a 
myriad of add-on and add-in 
products, ranging from risk anal- 
ysis packages to software locks 
and password systems to data 
encryption and diskless worksta- 
tions. (See story this page.) 

Most of these defense mecha- 
nisms can be purchased at a rela- 
tively low cost, according to 
Frost & Sullivan. “A commodity
seller approach accounts for the 
fact that no vendor has emerged 
as the market leader,” the re- 
port states. 

One noteworthy develop- 
ment is a trend toward using a 
PC as a security device rather 
than merely as a piece of equip- 
ment to be secured, Coin Finan- 
cial Systems’ Dietz says. Special- 
ty software can be run on PCs for 
applications ranging from disas- 
ter recovery planning to inven- 
tory control to bomb defense. 
Pricing for these PC packages 
tends to be higher and may in- 
clude some consulting services. 


Network 

As PCs and, in turn, networks 
proliferate, new problems spring 
up. Networks are funny — they 
can open up a whole new can of 
worms by providing access to 


corporatewide data. Networks 
are particularly conducive to 
three types of security prob- 
lems: disclosure, alteration of 
data or programs and damage to 
equipment. 

Sites that don’t have a good 
handle on their network installa- 
tions are bound to experience at 
least one of these woes. “How 
can you block out a node if you 
don’t know it’s there?” Jackson 
asks. “The left hand doesn’t 
know what the right hand is do- 
ing.” 

Then again, many problems 
can be averted by having the net- 
work perform some functions 
that might otherwise be per- 
formed on individual worksta- 
tions. For example, file, adminis- 
trative and host access controls 
can be centralized, even as infor- 
mation becomes decentralized. 
Generally speaking, network se- 
curity is approached from one of 
three levels: operating system, 
physical hardware or application 
software. 

Security features, such as 
password control, audit trails 
and software locks, are increas- 
ingly being built into the net- 
work operating system. Exam- 
ples of network operating 
systems that provide some of 
these features include Banyan 
Systems, Inc.’s Virtual 
Networking System 3.0, Novell, 
Inc.’s Advanced Netware and 
3Com Corp.’s 3+ and 3+ Open.

Physical security includes 
locked disk drives, diskless 
workstations and personal to- 
kens, which seem to be gaining 
in popularity among local-area 
network users for their ease of 
use and volume pricing. 

Application software can re- 
quire access keys and passwords 
or lock out unauthorized users. 
Any good security system will
utilize a mix of the above-men- 
tioned technology and possibly 
some customized packages. The 
trick is to make security easy 
enough so that users won’t over- 
ride it or not cooperate with se- 
curity efforts. 


Make or break 

User participation can make or 
break a security system, espe- 
cially in this era in which connec- 
tivity and personal ownership of 
information appear to be on a 
collision course. By distributing 
the data throughout an organiza- 
tion, LANs have imposed ac- 
countability on the individual 


worker, SRI’s Parker says. 

“But you don’t want to set up 
a bureaucracy that will impede 
users’ ability to do their jobs,” 
warns Solon D. Young, director 
of data management and applica- 
tions engineering for American 
Airlines’ Sabre reservations sys- 
tem. 
Also, you want to make sure 
users know you mean business 
by following up every violation 
alert, Jackson adds. Consultants 
stress the importance of educat- 
ing users and making security a 
part of their job descriptions, as 
is common in the government 

The key to security, then, is 


to prepare an adequate defense 
and to involve all levels of the 
company in carrying out that de- 
fense. In addition, users can 
pressure vendors to incorporate
security features into their prod- 
ucts as a matter of course. 

According to Parker, the bot- 
tom line is this: The computer 
grants the perpetrators the 
same leverage over information 
and money as it does the victims. 
There is no such thing as a se- 
cure facility; security is every- 
one’s responsibility.
Keefe is a senior editor for networking 
at Computerworld newspaper, pub- 
lished in Framingham, Mass. 


Security technology primer 


WHAT FOLLOWS IS a primer — taken in 
part from a July 1987 report from Computer 
Intelligence in La jolla, Calif. — of some of 
the more common methods of computer and 
data security. Any good security scheme 
will employ a number of these methods cus- 
tomized to an installation’s particular 

needs. 

• Risk analysis. Software packages,
many of which are personal computer based, 
are available to help quantify potential ex- 
posure to security breaches. This is the 
starting point in assessing your need for and 
development of a plan of action. 

• Security levels. It serves a company
well to distinguish its levels of security for 
data, such as top secret, confidential, re- 
stricted or unclassified, and determine each 
category’s backup needs. 

• Access levels. Users can be assigned a
variety of access privileges, such as read 
only, remote access, specific file or directo- 
ry access, ability to upload or download data 
from a mainframe or network data base and 
access to printer capabilities. 

• Lockout. This method uses a password
to get at a specific resource known to all us- 
ers of that resource. 

• Passwords. An inexpensive, low-level
form of user identification combined with a 
specific logon can alert the system to specif- 
ic profiles on access rights. 

• Callback. Callback devices prevent
unauthorized access to the communications
channels of a computer. Some devices re- 
quire a caller to provide an identification 
number and hang up. After verifying the us- 
er’s access rights, the device calls the user 
back. When combined with a password, the 
system requires that the correct user ID also 
be provided from a specific location (mo- 
dem number). 

• Verification/authentication. Another
key feature is a method of verifying that
data is not altered between the time it is 
sent and received. Banks using electronic 
funds transfer are heavy users of this tech- 
nology. A popular standard is the ANSI X9.9 
message authentication protocols.

• Data encryption. This category consists
of software or hardware that safeguards
data during transfer between locations, for 
example, over leased lines, by encoding the 
data before it is sent. A software key is re- 
quired on the receiving end to decode the in- 
formation. The most popular method is the 
Data Encryption Standard, issued in 1977 by 
the National Bureau of Standards. 

• Data compression. These are software
products that can reduce the number of
bits necessary to represent characters for 
line speed purposes. Combined with encryp- 
tion, data compression is said to be especial- 
ly effective. 

• Diskless workstations. Not only are
medialess PCs less expensive and more reli- 
able because they have fewer parts to break 
down, but they also can be used to prevent 
users from withdrawing data and walking 
off with it. In addition, with diskless PCs, files 
remain under the central control of the 
server software. 

• Audit trails. This option provides a
comprehensive record of all network or sys- 
tem activity, including who logged on when 
and where, accessing what and for how long. 
Audit trails also track errors and unsuccess- 
ful attempts to violate access privileges. 

• Smart cards. A smart card is a card
with magnetic strips or embedded chips that 
contains access information. After insert- 
ing the card into a reading device, users type 
in a personal identification number (PIN) to 
gain access. More widely used in Europe 
than in the U.S., these cards can be used 
either to activate a PC or open a building or 
room. 

• Biometrics. These high-tech devices
measure some physical characteristic of the 
individual seeking access, such as finger- 
prints or retinas. Biometric measures are of- 
ten combined with PINs to determine au- 
thorization rights. Considered to be an 
intrusive technology, biometrics is mostly 
limited to areas requiring high security clear- 
ance. — Patricia KEEFE 
Portrait
of a fortress 


BY MICHAEL TUCKER 


:00 a.m. — It begins. The phone rings. My 
editor is on the line. We have a simulated disaster 

under way. I stand blinking in the glare of the 
overhead kitchen light, holding the phone and trying to com- 
fort my 3-year-old son, who has been awakened by the call. 
My editor gives me the grim details. We are now employed by 
mythical XYZ Corp., located in Arlington, Mass. For the past two months, XYZ has re- 
ceived threats from a terrorist group, the Kommittee for the Liberation of the Aryan- 
American Nation (KLAAN). 

Twenty minutes ago, KLAAN struck. A suicide truck bomber drove into our data 
center, and nothing remains of the installation but rubble. We have lost not only our 
hardware but also our entire tape library. 

I am charged with putting into effect our disaster recovery plan at a cold site and
tape storage facility in Rhode Island.


Tucker is Computerworld Focus’s features editor.

8:30 a.m. — Judith Brack- 
ley, the director of corporate 
communications for the Boston- 
based Iron Mountain Group, 
Inc., is at the door of my apart- 
ment. We will drive to an Iron 
Mountain Group facility some- 
where in Rhode Island. 

Actually, if this were a real 
emergency, things would have 
happened much more quickly. 
Brackley tells me that within 30 
minutes of informing the Iron 
Mountain Group’s on-site repre- 
sentatives of a disaster, things 
would have started in motion. 

For this exercise, we’ve ob- 
tained Iron Mountain’s coopera- 
tion. The firm has agreed to pre- 
tend that XYZ is one of its clients 
and that I am XYZ’s MIS officer, 
which is why there is now an unmarked
car sent by Iron Mountain
waiting for me outside. Later,
William D. Bianchi, the vital
records manager for the New 
England region of Iron Moun- 
tain, tells me, “Security is most- 
ly a service business, . . . and it 
changes according to the situa- 
tion. It may be, for instance, that 
I'll have to arrange a shuttle bus 
service to get my client’s per- 
sonnel to the site. [In that case], 
I'd be in the transportation busi- 
ness.” 

9:10 a.m. — We are on the 
road heading south. The country 
grows gradually more rural. 

We have picked Iron Moun- 
tain for this simulation because 
of its standing in the secure stor- 
age business. It does not have a 
particularly big name in disaster 
recovery, and it maintains no hot 
sites, but in the storage arena, it 
has few peers. 

The company name is a story 
in itself. “Iron Mountain” is just
that, a mountain in New York
state. During the Civil War,
Brackley explains, it was a major 
source of iron ore. When the ore 
played itself out, some entrepre- 
neur converted the abandoned 
mine into a mushroom farm. 

Then, in the 1950s, during 
the Cold War period when a nu- 
clear conflict was widely expect- 
ed, the site was converted into 
what was effectively the biggest 
bomb shelter in the world. At 
that time, the facility was known 
as the Iron Mountain Atomic 
Storage Co. Several large corpo- 
rations moved their paper rec- 
ords there, fully expecting that, 
should World War III break out, 
somehow they would be capable 
of carrying on their businesses. 

Eventually, Iron Mountain 
Atomic experienced financial dif- 
ficulties. Most of its customers 
left, and the Iron Mountain in- 
stallation very nearly reverted 
to the bats and mushrooms that 
were its original inhabitants. 
However, at the close of the 
1950s, it was purchased by its 
current owners and converted 
into a secure storage facility for 
paper records and microfilm. To- 
day, it is a James Bond-type 
place, according to those who
have seen it, full of vaults built 
deep into the mountain itself. 

During the years, Iron Moun- 
tain Group has branched out to 
purchase or build additional stor- 
age facilities. Among the compa- 
ny’s other locations is “The 
Cave” in Rosendale, N.Y. This
location is a huge limestone cav- 
ern, nearly 15 acres in size. 
Within it, the firm has construct- 
ed buildings, roads and even arti- 
ficial parks. It is, effectively, an 
underground city dedicated to 
secure storage. 

The facility toward which we 
are now driving is much, much 
smaller. But it is, in some ways,
even more secure. 

10:10 a.m. — We are driv- 
ing along a country road in an ap- 
ple orchard. Brackley turns on a 
side road. It seems to lead no- 
where except into a grassy field. 
The road dips and bends. We 
round a low hill, and suddenly, 
we confront the white expanse of 
a concrete bunker. 

10:11 a.m. — We park and 
walk to the bunker’s face. We en- 
ter a small, glassed-in foyer. Be- 
fore us is an immense, black steel 
door. Discreet signs on the walls 
warn about guard dogs and 
against standing too close to the 
door, which is automatic and 
swings open into the foyer. 

I realize that there are at least 
two cameras positioned in the 
ceiling of the foyer. I wonder if 
there are others, perhaps watch- 
ing the drive. I ask Brackley 
about this. She smiles and does 
not answer. 

10:12 a.m. — Brackley 
picks up a phone on the inside of 
the foyer and calls someone. A 
moment later, the immense 
black door swings open. Bianchi 
is standing alone in front of us. 
He greets us and requests two 
forms of identification. 

10:14 a.m. — My driver’s 
license, press credentials and a 
major credit card eventually get 
me through the great door. We 
step inside, and it shuts behind 
us, slowly and silently. 

I find myself in a small con- 
crete room. Behind me is the 
first door, and in front of me is a 
second metal door, every bit as 
huge as the first. Again, there 
are cameras in the ceiling. 

I realize that we are in a man- 
trap. Should anything go wrong 
now (if, say, bunker personnel 
decide I am not who I said I was), 
they could seal us in here. 

I spend a moment thanking 
heaven that I’m not claustropho- 
bic. At least, not yet. 

10:14:30 a.m. — I am 
overjoyed to see the second door 
open. It moves with the same 
ominous silence of the first door. 

We step inside the data site’s 
entry area, and walk down a 
short decline. I find myself in 
what looks like a small office. It is 
a room about 45 square feet in 
size. There are desks, a counter 
and a small computer system.
Several young women in white 
laboratory coats work at terminals
or personal computers. It
could easily be mistaken for an 
insurance agency or a doctor’s 
office. 

Then, of course, I start to no- 
tice the little reminders that we 
are now 18 feet underground. 
Attached to the counter is a box 
marked “Emergency Air Supply: 
Five Minutes!” 

I discover later that Iron 
Mountain has its clients send 
their disaster recovery crews 
here for drills long before any actual
need arises. This practice
session is partly done so that the 
staffs of both Iron Mountain and 
its clients can prepare for life af- 
ter a disaster, but it is also partly 
done as a screening of sorts. 
“Some people,” Bianchi explains,
“are just not made to
work underground. Better that 
we learn about it now, before 
they actually have to be here.” 

10:20 a.m. — We enter an- 
other small office within the 
complex. Again, I am struck by 
how much it is like any other line 
manager’s office. There is the 
usual desk, terminal and clutter. 
I don’t even feel as if I am under- 
ground here because one of the 
walls is glass and opens out on 
the center of the bunker. 

Here we meet William 
Dreyer, Iron Mountain’s vice- 
president of sales and market- 
ing, who has come down from 
Boston for the day. He fills me in 
a little more on Iron Mountain’s 
history. Originally, the firm had 
only been involved with docu- 
ment and microfilm/microfiche 
storage. But “in the 1980s, the
company realized that computer 
media storage was a logical ex- 
tension of that business.” 

Dreyer also tells me about 
this particular bunker’s history. 
It was built in the 1960s as a joint 
venture between a large bank — 
no names, please — and the U.S. 
government. The plan stipulated 
that in times of peace, the bank 
would do its own secure storage 
here. If, however, a nuclear war 
broke out, government mone- 
tary authorities would move in to 
manage the currency for the 
New England area. In effect, the 
bunker would become the re- 
gional Federal Reserve bank. 

Bianchi adds, “This place was
built to withstand nuclear strikes 
in both Boston and Providence, 
R.I. All the heavy equipment is 
on springs, for instance, and the 
pipes all contain flexible, braided 
copper sections so that they 
could survive the shock waves 
from explosions.” 

Eventually, both the bank and 
the government outgrew the 
bunker. Iron Mountain pur- 
chased it and turned it into a me- 
dia vault on a grand scale. 

11:00 a.m. — We return to 
the central section of the bun- 
ker. Bianchi and Dreyer lead the 
way to the other side of the build- 
ing. There, a glass door opens 
into the main magnetic media 
storage site. On the other side, I
see row after row of tape and
cassette racks stretching off for 
many feet. A woman in a lab coat 
moves among them, mysteriously
noting things on a clipboard.

“We're almost entirely mag- 
netic media here,” Bianchi says. 
“We try to make certain the only 
paper is material referring to 
how the tapes should be used.” 
He gestures to two armored 
bloodred boxes in a corner.

If my company had really 
been subject to a disaster, then 
boxes like these would contain 
my previously arranged instruc- 
tions and recovery plan. It would 
be to these instructions that the 
Iron Mountain specialists would 
turn first. 

11:10 a.m. — As we exit 
the tape library, Bianchi shows 
me a solid wall of electronics at- 
tached to the library, including 
environmental and fire suppres- 
sion controls, meters, alarms, 
telephone links and the like. 

If a fire broke out or if some- 
one attempted to break in, the 
alarms would summon help in 
seconds. 

11:15 a.m. — We meet the 
head librarian. She explains that 
the bunker does more than just 
store materials in the event of a 
disaster. Most of Iron Moun- 
tain’s clients are more interest- 
ed in the bunker as secure stor- 
age rather than as disaster 
preparation. Here they may 
keep computer data on file, safe 
from on-site hazards and without 
the expense of maintaining their 
own secure facility. 

Clients can also get tapes 
back again within a few hours. 
Indeed, the bunker’s daily busi- 
ness is that of tapes arriving and 
departing on a regular basis. 
Each day, four unmarked trucks 
wind their way through the apple 
orchard to pick up and drop off 
crates of magnetic media. 

The librarian shows me how 
each tape and each crate is 
uniquely marked and managed. 
Clients can send in instructions 
for tape storage or delivery by 
phone or modem. Either way, 
though, they must identify them- 
selves via passwords and “other 
security measures,” she says.

11:45 a.m. — We leave the 
tape storage area to enter the 
cold site, which is a large and 
currently empty room. It is a 
typical cold site with a raised 
floor, power supply connections 
and so on. “This is where you 
would set up your equipment,” 
Bianchi says. “If this place were 
occupied, we’d have armed 
guards here to protect you and 
your investment and to maintain 
the security of the rest of the 
tape library.” 

12:20 p.m. — There is a 
door in the back of the cold site. 
I’m led through it in silence. On 
the other side is a darkened com- 
plex of small rooms filled with 
huge machines. There are two 
diesel generators that would 
supply power to the bunker if the 
outside lines went down. “There
are two underground fuel tanks
outside the bunker,” Bianchi 
notes. “If we had a customer’s 
mainframe running in the shell, 
we could last several months 
without power. If there were no 
mainframe here, ... I don’t 
know how long we'd last. Indefi- 
nitely, say.” 

In these back rooms, there 
are also power conditioners, hu- 
midity control devices and an im- 
mense compressor. Each piece is 
mounted on huge shock-absorb- 
ing springs attached to the floor. 
“To withstand the blasts,” Bian- 
chi explains. 

For effect, Dreyer kicks a 
particularly large piece of equip- 
ment. It rocks and rolls like a 
bucking horse, then comes slow- 
ly to rest. “It works,” he says, 
with grim humor. “Let’s hope 
we never get a chance to give it a
real workout.” 

1:00 p.m. — We return to 
the lobby. Dreyer and Bianchi 
talk about security. According to 
Bianchi, “Things like the shock 
absorbers and the alarms, those 
are nice bells and whistles. But it 
is people that make security hap- 
pen — or fail.” Iron Mountain’s 
own personnel are investigated 
and bonded before they are 
hired. Each of the bunker staff 
members must live within a 30- 
minute drive of the installation. 

1:10 p.m. — Fictitious XYZ 
has been saved. In theory, dupli- 
cates of all our tapes exist at the 
site in the tape library. A dupli- 
cate of our hardware is on its way 
to this cold site, a factor that, for 
an additional fee, Iron Mountain 
was happy to arrange for us. In 
spite of the car bomb and the 
best efforts of the mythical 
KLAAN, we may even turn a 
profit this year. 

Yet as we stand in front of the 
first set of massive doors on the 
mantrap, I am haunted by Bianchi’s
comment about people being
the real basis of security. Although
Iron Mountain’s
personnel may be cleared and 
bonded, XYZ’s staff is not. Iron 
Mountain, and companies like it, 
can help MIS protect itself 
against threats of man and na- 
ture, but ultimately, security is 
the responsibility of the compa- 
nies themselves. If a firm does 
not have a realistic security plan 
of action, then no amount of bells 
and whistles can save it. 

As we prepare to exit, Bianchi 
points to a small but massive 
metal door next to the mantrap. 
“That’s one of the holdovers,” 
he says. “It leads to a lead-lined 
vault. Today, we use it for nonessential
storage. But originally,
the idea was that after the bomb 
dropped, the currency people 
would come in and throw their ir- 
radiated clothing in the vault. 
Then, they were going to run the 
money supply.” 

The huge door swings open to 
readmit us to the gloom of the 
mantrap. Bianchi shrugs and explains,
“They thought they had a
handle on it.”

Beyond the Blue


Recovery services aren’t
just for IBM anymore


BY STAN KOLODZIEJ 


Computer disaster recovery doesn’t always have to be a game for the big players.

Though the disaster recovery business is dominated by nationwide, massive recovery providers
such as Rosemont, Ill.-based Comdisco, Inc. and Wayne, Pa.-based Sunguard Recovery
Services — both of which service IBM customers — there are a growing number of smaller disaster
planning and recovery services in which bigger is not necessarily better and you don’t have to be an IBM
customer to apply.


John O’Neill, president of O’Neill Data Sys- 
tems in Aston, Pa., and a former Data General 
Corp. OEM, started his disaster recovery oper- 
ation several years ago after learning just how 
difficult it was for DG customers to find ade- 
quate recovery arrangements following a disas- 
ter. 


“One disaster involved a fire at 
the World Life Insurance Co. in 
King of Prussia, Pa.,” O’Neill explains.
“World Life lost its entire
building and wound up having its
people spread out over three motels
with no computers and no paperwork.”


O’Neill says that World Life al- 
most went bankrupt while it waited 
30 days for DG to supply a replace- 
ment computer and another 20 
days to get itself up and running. 
“Luckily, World Life had been storing
critical computer tapes, so they
were able to save most of their data.
Otherwise,” O’Neill says, “it would
probably have gone under.”

Not long afterward, O’Neill saw 
another one of his OEM customers 
suffer through a computer room 
flood after a problem arose with the 
building’s air-conditioning system. 
Again, O’Neill says, the customer
had problems getting his operation up and running.

Kolodziej is Computerworld Focus’s se-

“I saw that there was a real need for DG customers
to have the adequate protection that
they weren’t getting from the big vendors, who
were concentrating on IBM almost exclusively,”
O’Neill says. “The big guys will offer certain
protection for DG and the equipment of
other vendors, but it’s usually under an IBM 
umbrella plan and doesn’t concentrate on pro- 
viding specific protection aimed at these other 
systems.” 

O’Neill offers DG clients a con- 
tingency plan in the event of a com- 
puter emergency, including access 
to a hot site with a Data General 
MV/10000 minicomputer and of- 
fice space for processing and man- 
agement staff. For an annual fee, 
O’Neill says he will prepare a disas- 
ter recovery plan outlining emer- 
gency measures. Company opera- 
tional procedures are programmed 
into the computer system for imme- 
diate retrieval if necessary, and an 
inventory of equipment is prepared 
for insurance purposes. 

In case of a problem, O’Neill 
Data consultants assist in the tran- 
sition of people and operations to 
the firm’s temporary hot site quar- 
ters in Lenni, Pa. The 6,500- 
square-foot facility is equipped with 
enough office equipment and furni- 
ture to house about 70 clerical per- 
sonnel and 20 managers. O’Neill 
claims that he can have a typical cli- 
ent company in full computer swing 
within two hours. 

Even so, O’Neill says business is
not booming for him. One problem, he explains,
is that selling contingency planning
and disaster recovery to potential clients 
is like trying to sell an insurance policy. 
“Everybody knows they need one, but 
they keep putting it off,” he says. “Sometimes
it takes a full year to close a deal.”
Another drawback is the fact that 
O’Neill Data offers a more regional ser- 
vice; it cannot handle backup services via 
remote communications facilities as can 
many other disaster recovery services. 
Not everyone wishes to leave their pre- 
mises and relocate their computer opera- 
tions, even if the situation is just tempo- 
rary. And at this stage, O’Neill says, he is 
glad he can fall back on his more lucrative 
consulting business to bolster earnings. 


One company that is apparently doing
well in the DG disaster recovery market is 
Data Assurance Corp. of Englewood, 
Colo. Started in 1985, Data Assurance 
now has nearly 60 customers, only five of 
which are located in Colorado, according 
to Dan Kilburn, president of the company. 


DG backup from afar 
Kilburn says that one of the reasons his 
firm is enjoying success is its ability to 
handle hot site backup remotely using 
dial-up lines, modems, multiplexers and 
the company’s Data General MV/20000 
and MV/10000 computers. 

Data Assurance’s communications 
pool includes Anderson Jacobson, Inc. and 
Codex Corp. modems and Codex 6740 


and Timeplex, Inc. IIE statistical multi- 
plexers, a setup that Kilburn claims en- 
sures compatibility with equipment at 
both ends. “Unlike the O’Neill operation, 
we can handle recovery from a distance, 
so we offer customers more options,” Kil- 
burn says. ‘We can’t expect our custom- 
ers to move their entire operation to our 
hot site in Denver, so a large part of our 
business relies on communications.” 

How Data Assurance reacts depends 
on the severity of the emergency, Kilburn 
says. If clients are still able to operate 
from their usual locations, then Data As- 
surance goes in and hooks up its clients’ 
CRTs to Data Assurance modems to communicate
with Data Assurance computers.
“We can run at a minimum of 4.8K
bit/sec. data speeds,” Kilburn says. “It’s
the customer’s call whether he wants to 
control the computer at our end or at his 
end. We're flexible.” 

Data Assurance and DG have recently 
signed a pact whereby DG now automati- 
cally refers customers interested in disas- 
ter recovery to Data Assurance. 

As for diversifying beyond DG custom- 
ers, Kilburn says there is currently 
enough business within the DG world, in 
large part because that market as well as 
others outside the IBM mainframe spec- 
trum have been virtually ignored by the 
big disaster recovery players.

That logic is basically why the Onguard 
Disaster Recovery Program was founded 
by California Federal, Inc. in Los Angeles. 
Onguard now services 10 clients, all users 
of Sperry Corp. (now Unisys Corp.) main- 
frames. The program runs a hot site situ- 
ated in Phoenix that contains a Sperry 
mainframe, a number of Sperry cache disk 
subsystems, 36 tape units and several 
printers. 


The mother of invention 

The story of Onguard’s formation points 
out some of the difficulties customers face 
in getting disaster recovery services in an
IBM world. According to Randy Seia, On- 
guard’s vice-president of sales and mar- 
keting, Onguard came into being a few 
years ago after the Internal Revenue Ser- 
vice stiffened requirements that compel 
companies to be more responsible for the 
accuracy of information in the event of disaster.

The IRS moves “really put pressure
on Cal Fed to do something together with 
Sperry to accommodate the new require- 
ments,” says Seia, who was an account 
representative for Sperry at the time. 
“Cal Fed had Sunguard to protect its IBM 
equipment, but when it went to pursue 
the Sperry side, there wasn’t anything 
available.” 

Instead, Seia says, he figured that 
there had to be other Sperry customers in 
similar situations, so he brought Cal Fed 
and Sperry together. 

Both parties decided to form a joint 
venture whereby Cal Fed purchased all 
the hardware for the site, leaving Sperry 
with the responsibility of finding a suitable 
location in which to house the equipment. 
The company found a spot in Phoenix at 
the Sperry Aerospace and Marine facility. 

Eventually, Cal Fed assumed total re- 
sponsibility for the disaster recovery site 
and created Onguard. “To offset the cost
of the equipment, we were going to sell
subscriptions to the service to other Sperry
users,” Seia explains. “Since then,
we’ve been pretty successful at attracting 
business.” 

But not successful enough. With only 
10 customers, Seia and others at Onguard 
feel it is time to grow again. “We’ve come
to the conclusion that we’re going to re- 
quire more hardware, so we’re looking at 
a major expansion in the next six months 
and a major sales effort,” Seia explains. 

Seia is also quick to point out that the 
Phoenix operations are not considered by 
Onguard to be a regional concern. “We
have an airstrip next to the facility, so the- 
oretically, people in, say, Florida and 
Pennsylvania could load their tapes into a 
plane and be out here in five hours.” 

Seia says the company is trying to limit 
the geographical concentration of sub- 
scribers so that if someone in Salt Lake 
City decided to sign on, “we would block 
out most of that metropolitan area for 
them to alleviate any problem with having 
a concurrent disaster in the same area,” 
Seia explains. “We want a real geographical
dispersion of clientele.

“We've also decided that if we feel cli- 
ents are going to contend for testing time 
and other considerations, then we’ll open 
another center,” Seia says. 

Even some computer manufacturers 
are beginning to find disaster recovery a 
good business and a sales hook to bring in 
clients. The lack of nationwide third-party 
firms providing coverage for non-IBM 
equipment has spurred Hewlett-Packard 
Co., Wang Laboratories, Inc. and some 
others to actively look into providing con- 
tingency planning and disaster recovery 
services for their own customers. 


DEC services 

Digital Equipment Corp.’s often-over- 
looked Restart software and Recover-All 
hardware recovery programs, for exam- 
ple, have been available to its clients for 
some years now. Steve Goldfarb, DEC 
software services marketing manager, 
says that he finds DEC customers are 
more apt to implement contingency plans 
if they use consultants (which DEC pro- 
vides) than if they tried to rely on their 
own internal resources. 

“Our Restart service guarantees that 
clients will have the contingency plan 
within 90 days, and we’ll guarantee that 
we'll have it in place,” Goldfarb says.

He explains that the Restart DEC plan 
includes identifying the major client recovery
team members, then integrating
critical users into backup and emergency
procedures. Benchmarks to determine 
how long it would take to get critical appli- 
cations on-line are set up, and then the re- 
covery plan is tested at one of two DEC 
Restart hot site centers located either in 
New Jersey or just outside Chicago. 
Following a disaster, some customers 
can be up and running in four hours, de- 
pending on the level of subscription, Gold- 
farb says. However, all customers, he 
claims, are guaranteed to be up and run- 
ning in 24 hours. The DEC hot sites can 
run critical customer applications for up 
to 30 days either remotely or on site. 
Goldfarb says the on-site facilities include 
up to 20 terminals for customer use. 
DEC’s Recover-All is a field service
program covering the hardware part of disaster
recovery. “Recover-All provides
service support not covered under the 
usual service contracts,” explains Robyn 
McHugh, Recover-All product manager. 
“That includes fire, floods and power fail- 
ures, though the majority of cases involve 
accidents such as power surges and prob- 
lems with sprinklers. And there is no de- 
ductible involved.” 


All in the family

On the software side, Goldfarb says, the 
Restart DEC program does not cover 
IBM or other systems software, only 
DEC-related applications running under 
DEC VAX or PDP-11 systems. On the 
hardware side, McHugh says, third-party
hardware will be covered with Recover-All
only if it is first covered under a DEC
services contract. 

“We have to address the issue of covering
other vendors’ systems in our programs,”
Goldfarb admits. “As more vendors’
systems become tightly integrated,
I think there’s going to be growing pres- 
sure from customers to provide [disaster] 
planning and services across vendor 
lines.” 

Finally, if the idea of moving out after a 
disaster or conducting business remotely 
doesn’t appeal to your company, there is 
an option. 

Provident Recovery Systems, a Cary, 
N.C., sister company of Compusource, 
Inc., which is a major disaster recovery
firm also in Cary, will bring a data
center to you. Provident has a 
mobile trailer that is capable of 
providing from 600 to 3,500 
square feet of relocatable data 
center environments. This mov- 
able data center is equipped with 
Halon fire protection, raised 
computer room flooring, air-con- 
ditioning, humidity control and 
diesel generators. 


Perhaps more important, 
however, is the Provident claim 
that the mobile unit is basically 
vendor equipment independent, 
providing backup for systems 
from IBM, Wang, HP, Unisys, 
DEC and others. 


Staying put 
One of the major attractions of 
bringing the data center to customers
is what Provident claims
to be a significant reduction in 
off-site processing expenses. 
Following a disaster, the client 
notifies Provident, which dis- 
patches a consultant to the client 
to verify that disaster recovery 
specifications are up to date. 
Provident then contacts the 
utility and telephone companies 
in the client’s district to arrange
for power and telecommunications
hookups as close to the client
facilities as they can get.
Next, they arrange with the 
computer vendor or vendors for 
delivery of machines to the mo- 
bile unit. 

If everything works properly 
(and that’s a big question mark), 
clients should be up and running 
within a few days, according to a
Provident spokesman. Clients
can continue to use the mobile 
data center for up to four months 
if necessary. 

But both O’Neill and Kilburn, 
as could be expected, are skepti- 
cal of such mobile backup units. 

“The mobile unit is an empty 
shell, it’s a cold site,” O’Neill 
says. “There is no guarantee 
they [Provident] will get the 
computer equipment from the 
vendors in good time.” 

As for Kilburn, he says, 
“What is the difference between 
a mobile van and having some- 
body in the used [computer] 
equipment business load a semi 
tractor trailer full of equipment 
and deliver it to the nearest 
available office space? Not a big 
difference.” 

On the surface, there are other
drawbacks to the mobile cold
site approach. Trying to fit a
trailer into congested downtown
areas in major U.S. urban cen- 
ters could be tough enough; fur- 
nishing a cold site is an additional 
burden to those already in the 
middle of trying to reestablish a 
data center after a disaster has 
occurred. 

Another problem is the dis- 
tance from the disaster site. The 
farther the site is from the mo- 
bile unit, the longer it will take to 
set up and the greater the 
chance that the unit could be 
struck or perhaps have engine 
problems and become immobi- 
lized on the way to the disaster 
site. 

However, Provident, for its 
part, has since added a mobile 
hot site unit that carries an IBM 
4300 mainframe configuration 
and up to 2,000 square feet of 
operations space. 

“What we're offering is an al- 
ternative to customers that I 
think is a sign that the industry is
maturing,” according to Wayne 
Edge, president of Provident. 

Although Kilburn is not a 
wholehearted promoter of the 
mobile unit concept, he says the 
diversity of such services is 
healthy for the industry. 

As an example, he points to a 
friend who is planning on provid- 
ing mobile disaster recovery ser- 
vices for U.S. banking customers 
using Burroughs Corp. (now Unisys)
computers. “There are going
to be more of those kinds of
services,” Kilburn says. “The disaster
recovery industry has
room for specialized services
that offer users some variety.”

Catching disasters
before they happen


BY KENNETH BRILL 





Once burned, twice shy is an adage that many disaster survivors
take to heart. But are policies put in place only after a
disaster occurs the most prudent way to run a business? Ask
the MIS professional who just lost his data to fire or flood or other
cataclysm whether the recovery plan he put in place this week will
bring back lost information and dollars. It may be too late for him, but
for you, disaster avoidance and prevention may
be the smartest advice you will ever get.

Disasters do not just happen, they are caused 
by conditions that can be identified and safely 
eliminated before catastrophic downtime 
strikes. 

Even hurricanes, tornadoes, earthquakes, 
floods and other acts of God follow predictable 
patterns that can be anticipated and countered 
skillfully. For example, a data center located in a
basement or on a first floor that is lower than a 
flood plain is sooner or later asking for trouble, 
as a number of Chicago sites found out last Oc- 
tober after a freak nine-inch rainfall. If your site 
is susceptible to floods, either locate the data 
center and all support equipment including utili- 
ties on a higher floor or leave equipment in place 
but provide a means for keeping the area 
pumped out. 

Respond to warnings of potential natural di- 
sasters; the information is available, don’t be 
caught unprepared. Months prior to last year’s 
huge earthquake in Southern California, the Na- 
tional Science Foundation released a major 
study predicting that in Southern California,
only one out of every 20 companies
was prepared for the kind of damage an earthquake
could inflict on data processing operations.

Brill is a site uptime consultant and president
of Computersite Engineering, a Cambridge,
Mass.-based engineering consulting firm
specializing in site conceptual design, site

There are few disasters in which something 
happens that is totally unprecedented. In fact, 
virtually every computer disaster can be traced 
back to ignorance of external environmental or 
weather threats or to internal engineering or 
maintenance deficiencies that allowed minor 
problems to escalate into major disasters be- 
cause there was no built-in means of defense. 
This pattern of simple but common inadequa- 
cies repeats itself over and over again. 

Despite these facts, too many disaster recovery
plans are based on the assumption that “no
disaster can be planned for, but the recovery 
can be planned.” Nothing could be further from 
the truth. 

Take the example of one New England-based 
manufacturer that experienced very expensive 
disasters twice during the last seven years. The 
company still has not learned this most basic 
lesson. 

The company’s first data disaster was exac- 
erbated by the lack of a fire wall between its 
computer room and the rest of the building. 
Without this protective wall, the smoke and 
soot from a fire at the other end of the building 
flowed through a duct created by the ceiling tile 
and the floor above and entered the computer 

room, ultimately forcing 
a shutdown. Cleanup re- 
quired several days and 


Learn to read the warning signs 
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cost hundreds of thousands of dollars. 

Despite this tremendous expense, no 
one apparently thought to investigate 
whether there might be other building in- 
adequacies. Several years later, a 142- 
inch water pipe to a toilet broke on the 
floor above and water cascaded down 
onto the mainframes, again forcing a shut- 
down and recovery expenses running in 
the high six figures. To this day, this com- 
pany continues to focus on how it could 
have recovered better, rather than facing 
up to the reality that both disasters were 
predictable and easily preventable. 

Historically, most computer room 
damage is caused by water leaks from 
broken pipes, backed-up sewer lines, 
leaky roofs or fire sprinklers. The source 
of this water does not have to be within 
the computer room. In fact, most water 
damage disasters originate from outside 
the computer room. Water comes down 
through the upper floors via electrical or 
plumbing chases or through sidewalls 
with adjacent spaces. If the path of least 
resistance is through the computer room, 
that is where the water will flow. 

So take a minute. Is your computer 
room prepared for this identifiable and 
frequent source of damage, which could 
trigger your company’s disaster recovery 
plan? Are sidewall and ceiling entry points 
sealed? Are there dams and drains to keep 
water from flowing through the computer 
room? Do you have tarpaulins on hand to 
cover up computer hardware to protect it 
from cascading water? Do you have wooden
wedges that can be driven into accidentally
discharging sprinkler heads to shut
them off quickly? Are the locations of 
emergency water shutoffs prominently 
posted? Do you have a way to know that 
water has gotten under the raised floor 
and a means for getting it out? 


‘It’s not my problem’
It is easy to say, “That’s not my problem;
I’ve already got more to worry about than
I can handle, and besides, I’m not an engineer.”
Such comments are understandable.
Yet disaster avoidance must be an
integral part of every disaster recovery 
plan. Recovery planning is a tacit ac- 
knowledgment by top management that a 
disaster could happen at any time and that 
having a recovery plan is prudent. If it is 
cost-effective to plan recovery from a di- 
saster, then avoiding disaster in the first 
place must be an even greater priority. 

Avoiding a predictable disaster saves 
money in the long run. After calamity 
strikes, not only does the original problem 
have to be fixed, but the damaged hard- 
ware and software must also be repaired 
or replaced at great expense and disrup- 
tion to the entire organization. And no 
matter how good your insurance cover- 
age is, you will experience aggravations 
for days, weeks or months after the physi- 
cal disaster is cleaned up. With these 
kinds of risks and costs, how can you afford
not to address physical disaster risks
in your disaster recovery plan? 

Internal disasters follow predictable 
patterns. Most impact the computer 
room by forcing their way in from the outside.
Broken water pipes are one example;
smoke is another. Even if the flames
don’t reach the computer room, smoke 
and soot from a fire can be absolutely dev- 
astating. Soot naturally seeks out the 
coolest places, which means it will be 
sucked into every nook and cranny of the 
computer room. No matter how tightly 
covered or stored equipment is, soot can 
find its way into every data storage device 
and can be deposited onto the media. 
Composed of chlorides and other salts 
from burning plastic, soot is an even 
greater threat than fire to the internal 
guts of your computer’s hardware. The 
high humidity in the air from putting the 
fire out plus the chlorides and salts carried 
by the soot get deposited on the metal in- 
nards of your computer’s electronics and 
combine to form a battery that starts to 
corrode circuits immediately. Within a 
week, this corrosion appears as a white, 
fuzzy film on circuit cards. If it continues, 
you can expect to have a lot of future ran- 
dom hardware malfunctions that may 
eventually force you to replace the whole 
computer. 
Most large computer rooms have in- 
stalled Halon systems to extinguish a fire 
before it gets hot enough to trigger the 
building’s water sprinklers. But did you 
know that the fire suppression of a Halon 
system can be compromised by an open 
door, holes in sidewalls where data cables 
enter or leave and other openings that 
may allow the Halon gas to escape? 
To put out a fire, a 55% concentration of 
Halon must be maintained for 10 minutes. 
Because Halon is a gas five times heavier 
than air, upon discharge it immediately 
flows to the floor looking for any holes 
through which to escape. Knowing how to 
prevent the escape of Halon is the critical 
factor in successfully extinguishing a fire. 
A typical installation requirement for a 
new Halon system is a discharge test 
showing that the room has been made 
tight enough for the gas concentration to
be maintained for 10 minutes.

Discharge tests are expensive because 
they waste Halon, which costs thousands 
of dollars per test, yet past experience has 
indicated that the only way to know 
whether a room is tightly sealed is to perform
a test.

The precaution of the Halon system is 
all well and good, but what happens five 
years later? Most of the people involved in 
the project then are gone. Does anybody 
remember that the effectiveness of the 
computer room’s expensive, reassuring 
fire suppression system is totally depen- 
dent on preventing Halon gas from escap- 
ing? What is the value of an initial dis- 
charge test if no one ever follows up and 
makes sure that the room’s integrity has 
not been subsequently compromised? 

Let’s take disaster avoidance a step 
further. Large data centers typically have 
a host of equipment that allows the com- 
puter to continue running despite power 
failures or other external problems. But 
who checks to see that this equipment will 
work in an emergency? Many sites have a
secure feeling because they have an
emergency generator that they run every 
Friday for 30 minutes. But based on expe- 
rience, there is a 95% probability that 
these tests are being conducted under a 
no-load condition, a situation that is prob- 
ably the worst thing that could be done to 
assure emergency readiness. Engines 
need to get hot and work before they can 
be certified as emergency ready. This 
problem is so serious that the National 
Electrical Code was modified several 
years ago to require load testing for hospi- 
tals dependent upon emergency systems. 

Regular disaster avoidance audits 
should be Item 1 of your disaster recovery 
plan. The first several audits will be more 
time-consuming than later ones, because 
data center construction must also be 
carefully evaluated for potential design 
defects, especially in regard to potential 
natural disasters. Do not take anything as 
a given. While this advice may seem over- 
ly dramatic, it is best not to assume all is 
safe, especially if changes are made after 
the completion of the building. What is 
physically in the building now is what 
counts, not what the drawings specify. 

Evaluate how well the building will 
protect occupants and equipment from 
floods, hurricanes or other geography- 
specific problems. Identify single-point 
failure modes, such as water flowing from 
a pipe that has burst directly above your 
uninterruptible power system, in which 
one malfunction can take the entire data 
center down. 

Every audit should evaluate the emer- 
gency readiness (availability and expected 
performance) of the 17 site subsystems 
typically found in most large sites. Of 
these, 10 are on continuously providing 
power and cooling. The other seven, 
which include the Halon system, for ex- 
ample, are off-line waiting to operate 
automatically upon detection of an emer- 
gency. Failure of any one of these subsys- 
tems to perform can result in anything 
from a small to a major disaster. 

Each subsystem needs to be rated 
green, yellow or red according to the sys- 
tem’s viability. A red flag means that a 
subsystem cannot be depended on for 
protection because of known but unre- 
solved technical problems. A yellow flag 
means caution, a malfunction is possible, 
and green means the system is in working 
condition. When a company goes through 
this procedure for the first time, it may be 
surprised by the number of subsystems 
that have been tagged with yellow and red 
flags. What this exercise illustrates is that 
real protection is based on whether the 
equipment has been properly engineered 
and is currently ready for use and not on 
how many hundreds of thousands of dol- 
lars have been spent on it. 

Over and over again, major protection 
systems are crippled by a lack of minor 
parts or problems that exist well down in 
the chain of command. The red, yellow 
and green rating system provides a sim- 
ple, easily communicated summary that, 
when circulated to top management, can 
be used to get funding or break organiza- 
tional bottlenecks that have prevented 
problem resolution. 

Physical disasters are predictable and 
can, therefore, be avoided if you know 
what to look for. While it may not be the 
disaster planner’s job to personally search 
out physical disaster risks, he is responsi- 
ble for alerting top management that reg- 
ular disaster avoidance audits are a crucial 
part of every disaster recovery plan. * 
For those who want to keep the juice flowing, here are 

The ins and outs of UPS 

BY STAN KOLODZIEJ 

Times are changing for uninterruptible power supplies (UPS), those unheralded systems that 
keep computers running when the power goes off. 
Take the market for UPSs, for instance. Not so long ago, UPSs were confined primarily to the 
shop floor of America’s industrial heartland and the military, where unornamented, ruggedized UPS 
systems blended in with process control equipment and military ordnance. The emphasis was on 
work, not style. 


According to Dan Kennedy, 
project director at Venture De- 
velopment Corp., a Natick, 
Mass., research firm, 60% of 
UPS revenue today comes from 
the data processing market, 
while the traditional UPS pres- 
ence in the industrial market and 
the military has faded to about 
10% and 3%, respectively. This 
is almost a complete reversal of 
the overall UPS market in the 
past. 

While the market thrust has 
been changing, UPS product 
lines have also been revamped. 
Kennedy says that the big de- 
mand now is for so-called static, 
as opposed to rotary, UPSs. 
Static UPSs are electronic sys- 
tems relying primarily on batter- 
ies when the power fails. Rotary 
systems, on the other hand, use a 
generator, most likely driven by 
a diesel engine, as backup. 

Rotary UPSs, in general, are 
used in situations in which any 
extended downtime is considered 
absolutely disastrous — in 
a hospital, for example. “In that 
case, they will probably want an 
on-line generator installed so 
they'll be okay if they have no 
power for 24 hours,” Kennedy 
explains. 

Kolodziej is Computerworld Focus’s 

Both static and rotary UPSs 
can be on-line or off-line to the 
computer systems they protect. 
According to New York-based 
consulting group Frost & Sulli- 
van, Inc., on-line systems have a 
commanding market lead over 
standby, off-line systems, with 
on-lines accounting for nearly 
three-quarters of all U.S. sales. 

In recent years, UPS manufacturers 
have been busy adapting 
their systems for design 
changes that will enable UPSs to 
fit easily and less conspicuously 
into data centers and on the of- 
fice floor. 

One important advance has 
been the development of new 
batteries for UPS systems. Ken- 
nedy explains that traditional 
wet lead acid/calcium batteries 
have long lives but require ade- 
quate ventilation and periodic 
maintenance. UPS manufactur- 
ers instead have developed 
sealed, maintenance-free batter- 
ies for use in UPS products. 

Many UPS manufacturers 
have also been switching from 
noisier, heavier magnetically 
regulated UPS inverters (de- 
vices that convert direct current 
into alternating current) to qui- 
eter and lighter electronic in- 
verters, which make UPSs more 
suitable for computer environ- 
ments. A lighter UPS system, 
for instance, prevents damage to 
the raised floors of data centers. 

UPS vendors are even restyl- 
ing UPS systems to stand along- 
side and blend in with the colors 
and streamlined design of mini- 
computers and mainframes. 

Kennedy says the UPS mar- 
ket continues to get a boost from 
the inability of many power utili- 
ties to provide clean power with 
minimal line aberrations. Anoth- 
er problem helping the technol- 
ogy is the escalating amount of 
electromagnetic interference 
caused by the growth of intercity 
communications systems. 

Mike McCullough, data pro- 
cessing manager at Levi Strauss 
& Co.’s distribution center in 
Henderson, Nev., a suburb of 
Las Vegas, says that anything 
that can go wrong between 
clothier Levi Strauss and the 
power station directly affects the 
distribution center’s computers. 

“We're out in the boondocks, 
all by ourselves, and at the end of 
the line as far as the local power 
company is concerned,” McCul- 
lough explains. 

Though he says that nothing 
major has ever happened to the 
Levi Strauss distribution center 
in the way of a power outage, an 
on-line hybrid static/rotary 125- 
kVA UPS guards the company’s 
IBM mainframe, 75 terminals 
and telephone system. He ex- 
plains that if there is a power fail- 
ure, the computer system auto- 
matically defers to the battery- 
powered static UPS. When the 
batteries dim, the rotary UPS 
system kicks in with its diesel- 
powered engine that keeps gen- 
erating power as long as fuel is 
put in it, he says. 

“We installed the UPS four 
years ago, after we experienced 
periodic power outages,” 
McCullough explains. “It was an 
add-on after the mainframe was 
installed. The power problem 
got critical.” 

Though McCullough says the 
power service is more reliable, 
the firm still experiences about 
two power outages a month. 
“The computer equipment we 
were using years ago was half as 
energy efficient as our new com- 
puters,” he explains. 

Bob Coyle, senior vice-presi- 
dent of operations at Sears, Roe- 
buck Acceptance Corp. in 
Greenville, Del., says his compa- 
ny moved recently from the in- 
ner city to a subdivision where 
there are no above-ground pow- 
er lines, thereby minimizing line 
fluctuations. Even so, Coyle’s 50 
personal computers and IBM 
System/38 are protected by a 
40-kVA UPS. 

“We also have a diesel generator 
backup system that is activated 
after a five-second interruption 
of power,” Coyle says. 
“We decided when we moved 
that we still needed adequate 
protection.” 

Some still gamble on the 
odds, however. Eugene Lallier, 
MIS director at the East Green- 
wich, R.I., distribution arm of 
fastener manufacturer Stanley 
Bostitch, says his company re- 
cently refused to spend 
$100,000 to bring in a UPS sys- 
tem to protect its IBM main- 
frame, 150 in-house terminals 
and 250 remote terminals. 

“Management’s attitude was 
that for the amount of time that 
we would conceivably be down, 
it wasn’t worth the money,” Lallier 
says. “But when you look at 
the bottom-line impact at this 
company, with the types of 
transactions we process, if we go 
down, we suffer big damage.” 

Lallier says that even if there 
were a power outage of a period 
of only 15 minutes, it would take 
three hours to bring the system 
up again with a warm start so 
that the company would lose as 
little data as possible. “So we 
would be down effectively for 
three hours with any kind of 
power failure, but I can’t remember 
the last time that happened,” 
he explains. 

“When I try and put data together 
that justifies the fact that 
the machine is going to go down 
and that it’s worthwhile to spend 
the money, I still can’t come up 
with enough hard information 
that says we go down enough,” 
Lallier says. 

The division’s field systems 
are all on-line, sending in crucial 
transaction data such as order 
entry, billing and invoicing. Lallier 
says that Bostitch does have 
fallback procedures that enable 
it to continue shipping products 
even if the computers go down. 


Playing the odds 

For this year, however, it appears 
the company will continue 
playing the odds. Lallier says he 
probably will not resubmit a proposal 
for a UPS, even though the 
division’s computer-aided design 
and manufacturing (CAD/CAM) 
section, which runs independently 
of the office system, also 
is not protected by a UPS. 

“I’m having enough problems 
just getting money to expand my 
computer room 600 square feet 
to add a direct access storage device,” 
he says. “That’s a more 
do-or-die situation for us.” 

Perhaps the biggest change in 
UPS technology has been ushered 
in by the microcomputer 
revolution. Venture Development’s 
Kennedy projects that 
the UPS market, which tends to 
be divided into two segments — 
under 10kVA for micros and 
10kVA and over for minis and 
mainframes — will enjoy healthy 
growth until 1991. It is the under-10kVA 
segment, containing 
off-line, standby UPS systems 
that support small minis and microcomputers, 
that is taking off. 

UPSs for micros go cheek by 
jowl with vendors offering an array 
of backup equipment, including 
surge suppression, voltage 
regulation and power distribution 
units for users. 

Until recently, power backup 
for micros was not worth its high 
price because of the relatively 
small amounts of data saved 
within personal computers. The 
high cost, sometimes up to 
$2,000 per kVA of power capacity, 
meant that a UPS system often 
could cost more than the micro 
it was protecting. 

The approximately $50 the firm spent on individual 
personal computer power boxes was worth every 
penny. “That’s a cheap price for peace of mind.” 

BOB COYLE 
SEARS, ROEBUCK ACCEPTANCE CORP. 

“The growth, however, in lo- 
cal-area networks, file servers 
and more powerful micros has 
justified a market requiring 
smaller, more specialized backup 
systems for individual and group 
users,” Kennedy says. “Also, 
the prices are coming down with 
these standby systems.” 

Hal Goldman, president of 
Elek-Tek, Inc., a Lincolnwood, 
Ill., distributor of small UPS sys- 
tems, maintains that micro- 
based UPSs have now gone from 
an afterthought in the minds of 
most MIS managers to an inte- 
gral part of the micro purchasing 
decision. “In many cases now, 
MIS won’t buy micro disk drives 
without adequate power protec- 
tion,” Goldman says. 

These micro systems, which 
Goldman says are not quite true 
UPSs, are usually the innocuous-looking 
devices found sitting under 
users’ computer monitors or 
on their desks beside their micros. 

“In our systems, there are 
rows of LED status lights that 
should be in direct view of the 
user,” says Jay Goldstein, marketing 
manager with Perma 
Power Electronics, Inc., a Chicago 
supplier of micro UPSs. “The 
user should be aware at all times 
of the status of his system so he 
can react quickly.” 

These micro protection de- 
vices can range from low-cost 
line conditioners or surge sup- 
pressors that cost about $30 
each and prevent disk drives 
from being injured, to intricate 
systems costing thousands of 
dollars and performing tasks 
from line monitoring to full back- 
up procedures. 

Bostitch’s Lallier says his 
company bought surge protectors 
at about $30 each for every 
PC. “We got them because we 
experienced hits in which we’ve 
blown several PC disks.” 

Sears’s Coyle says that the 
approximately $50 the firm 
spent on individual PC power 
boxes was worth every penny. 
“That’s a cheap price for peace 
of mind,” he says. 

Elek-Tek’s Goldman adds 
that the advent of expensive mi- 
cros carrying the powerful Intel 
Corp. 80386 processor into the 
office and into CAD/CAM appli- 
cations provides new incentive 
for considering micro UPSs and 
for opting for those more expen- 
sive UPS systems with more fea- 
tures. 

“I know customers using 
386-based machines with 100M-byte 
hard disks,” Goldman says. 
“I don’t know why they need all 
that [computing] power, but 
there are a lot of them out there. 
These machines contain a great 
deal of data and need protection 
right at the micro level. These 
power users deal a lot with con- 
sultants who usually recommend 
getting everything, including 
UPSs; sometimes [these fea- 
tures are] more than the user 
really needs.” 

Goldman maintains that a 
386-based micro, even with as 
much as 300M bytes of hard 
disk, may sound like it would 
need a great deal of electrical 
power, but in reality, it doesn’t 
use that much power, “so a 
2-kVA UPS is overkill.” 

Goldman also says that as mi- 
cros become more powerful, us- 
ers are demanding more from 
backup systems. Despite the fact 
that most micro users could still 
tolerate short power breaks 
without losing much data, Gold- 
man says that even this situation 
is becoming too much. 

“They don’t like the idea of 
there being any transfer time be- 
tween the power failure and the 
backup system kicking in,” Gold- 
man explains. “Most units only 
have a millisecond or two trans- 
fer delay, which is completely 
transparent to users and results 
in no data loss. It’s almost like 
being on-line, except the backup 
unit doesn’t kick in until it’s 
needed. Even so, users want full- 
fledged UPS at the micro level.” 

Perma Power’s Goldstein 
says the real trend in micro 
UPSs is in having intelligent 
backup that interacts with the 
CPU or file server, enabling the 
micro user to define what will 
happen when the power goes off. 

“There’s software resident in 
the CPU or file server, and it 
picks up a signal from the backup 
that it has gone into backup and 
that there’s only so much time 
left,” Goldstein says. 

“The CPU can log off the 
nodes and shut itself down for a 
certain time, and it can even shut 
down the battery backup so it 
won’t wear down the rest of the 
batteries,” he says. When the 
power returns, users could have 
the system return them to 
where they left off, come up to a 
front-end menu and so on. 

“How you configure UPSs at 
the micro level will vary,” Goldman 
explains. “Network file 
servers would definitely be 
backed up, but each independent 
workstation is an option, de- 
pending on whether the work- 
stations keep their own data or 
only access it from the server. 
We’ve found it necessary to have 
every server UPS protected.” 

The UPS systems market, 
big and small, is getting crowded 
with vendors. Goldstein esti- 
mates that the U.S. market for 
micro protection equipment is 
currently entertaining about 
120 Underwriters Laboratories-listed 
brands of surge suppressors 
and about 60 brands of 
battery-backup devices. “What 
we're seeing,” Goldstein says, 
“are many garage operations 
starting up.” 

The market is dominated by 
Santa Ana, Calif.-based Emerson 
Electric Co. (which recently purchased 
Liebert Corp., another 
big UPS player), Exide Electronics 
Corp. in Raleigh, N.C., and a 
few others. AT&T Technology 
Systems recently joined the fray 
by introducing several UPS 
models in the under-10kVA 
range. 


Prices down, features up 
“What I think we’re going to see 
in the coming years is more com- 
petition from the low-end stand- 
by systems vendors,” says Jack 
Dicton, AT&T market opera- 
tions manager. “You're going to 
see prices coming down and fea- 
tures going up to challenge the 
on-line micro UPS systems.” 

Frost & Sullivan predicts that 
the smallest UPS systems, those 
under 2 kVA, will see the biggest 
market surge, climbing 25% an- 
nually through 1991. The under- 
2-kVA segment is also the mar- 
ket containing the highest 
proportion of micro UPS stand- 
by systems. 

Dicton and others also predict 
that in the next few years there 
will be a lowering of quality in the 
UPS market because of the in- 
flux of increasing competition, 
including the Japanese, unless 
there is some movement to in- 
troduce standards into the UPS 
industry. “I think as quality deteriorates, 
there will be a movement 
by vendors and users to coalesce 
around some officially 
sanctioned UPS standards,” 
Dicton maintains. 

Venture Development’s Ken- 
nedy is not so sure. “I hear a lot 
about the lowering of quality in 
the [UPS] market,” he says. 
“But I hear it mainly from ven- 
dors, not from users. 

“UPS has few gray areas,” 
Kennedy continues. “If a UPS 
system doesn’t work, users will 
let you know and word gets 
around. The impression I have is 
that these systems are pretty re- 
liable.” * 
Survival planning for data disaster 


BY HELEN PIKE 
SENIOR WRITER 


Data corruption rarely shows mercy: 
It doesn’t matter if the disaster is 
an act of God or an act of a hack 
programmer. If it is missing or 
damaged, data can be gone without 
a hope or prayer of getting it back. 
Most acts that sap data integrity 
result in taking the system down; and 
at that, users get nervous and 
angry. 

Hindsight says most disasters 
could have been avoided 
with planning. Foresight, obviously, 
looks to do just that in order 
to preserve a company’s 
competitive business position. 
The latter is a trend that’s becoming 
more widespread, while 
examples of the former become 
more awesome and chilling in 
their telling. 

Take the case of 25,000 gal- 
lons of water that broke through 
air-conditioning ducts at a financial 
services firm in New 
York and destroyed five of the 
company’s seven mainframes. 
Or the West German computer 
club whose members cracked 
their way into the National 
Aeronautics and Space Adminis- 
tration’s European network 
and had unrestricted access to 
scientific data for three months 
last summer. 

Then there are disaster sto- 
ries in which damage is less ex- 
treme. Reverberations from an 
earthquake in southern Califor- 
nia moved data equipment in a 
savings and loan office three 
inches across the floor. And at a 
data center in Connecticut, 
6,000 tapes and related hardware 
were subjected to a fire and then, 
five years later, a flood. In 
both cases, the data centers were 
operating in a matter of days 
because of planning. 


Weigh the risks vs. the costs for a 
successful security strategy. Page 30. 


Companies are finding out 
that not having a security or re- 
covery plan means, in the 
words of one MIS manager, that 
“you become the disaster.” 

“The whole security issue is starting 
to mature,” observes Richard C. Koenig, 
associate director of the Computer Se- 
curity Institute in Northboro, Mass. 
“Businesses are accepting it as part of 
the cost of doing business.” 

According to Koenig, the phrase “accepted 
good practice,” coined by computer 
auditors, is becoming more frequently 
used in disaster recovery circles. 

“It’s getting so businesses are re- 
garded as delinquent in some way if they 
don’t have access control software or a 
password system,” explains Koenig, who 
has chronicled a rise in disaster recovery 
planning and data security implementa- 
tion during the last five years. 

“It’s easy to find a role model in your 
own industry,” he adds. 


The Job of MIS 

“I tell them I’m waiting for pestilence,” 
jokes Ross Ahntholz when he speaks to 
users groups about how he weathered 
separate plagues of fire and water at the 
data center of Stamford, Conn.-based 
Olin Corp. 

But Ahntholz, who has spent 22 years 
as a programmer and eight years as Olin’s 
Information Services Director, is seri- 
ous about what happened to him and 
equally serious about getting other MIS 
managers to plan for recovery. 

“We got religion in terms of disaster 
recovery,” Ahntholz explains about the 
staff of programmers, operations personnel 
and technicians at his organization. 
“It’s not a this, then that, but a who, 
what and where.” 

He was faced with answering those 
rhetorical questions after a three-hour 
fire burned 25% of Olin’s corporate 
headquarters early Saturday morning 
July 25, 1981. The fire was 50 feet from 
the data center. Affected by the blaze and 
the efforts of firefighters to put it out 
were an IBM 3081 mainframe, a 4381 
mid-range model, 6,000 data tapes and 
the company’s telephone equipment. 

Olin makes its $1.8 billion annual revenue 
through the manufacture and sale of 
chemicals, ammunition and brass. Most 
of the purchase orders are phoned in to 
company headquarters in Stamford. 

“We got religion in terms of 
disaster recovery. It’s not a 
this, then that, but a who, 
what and where.” 
ROSS AHNTHOLZ 
OLIN CORP. 

“We’re in a commodity chemical 
business,” Ahntholz explains. “If a 
[customer] can go next door, that’s a lost 
sale. We wanted to divert that.” 

At the time of the fire, Ahntholz ad- 
mits he had very little training in disaster 
analysis and that his backup plan was 
limited to tapes stored off-site and a tele- 
phone list only of his immediate staff. 
Given these drawbacks, Ahntholz observes, 
“We got lucky.” 

One piece of luck in his favor was 
learning that the data center had to be 
chemically cleaned before IBM would 
bring the systems back up. “I wanted to 
bring the computer up right away. But 
they [IBM] told me to wait until it was 
clean,” Ahntholz says. “There would 
have been head crashes on every device 
had we brought it up dirty.” 

The second piece of luck was finding 
someone who could do the job of chemi- 
cally cleaning away a residue of thick 
smoke and greasy soot that coated the 
data center. 

Although at the time Ahntholz did not 
know of a cleaner, a member of his opera- 
tions staff did. Eight employees from 
Hurley Chemicals, Inc., also in Stamford, 
spent 18 hours that weekend taking 
down ceiling and pulling up floor tiles to 
prepare the room for reactivating the 
computer systems. 

“It’s good to get to know who’s out 
there so you can evaluate their work be- 
fore you need them,” he notes, adding 
that this is one checklist item managers 
should consider when forming a disaster 
plan. 

Next up for cleaning were the data 
tapes. MIS colleagues from neighboring 
General Electric Credit Corp. agreed to 
come in and run Olin’s bits per inch, or 
BPI, tapes on GE Credit’s drives. 

“We cleaned the tapes with tape 
cleaner and mounted them on their computer 
just to see if there was heat or particle 
damage,” Ahntholz recalls. “There 
was a sigh of relief when they turned out 
to be all right.” 

Twenty-four hours a day for a week, 
Ahntholz’s staff worked at cleaning the 
rest of the 6,000 tapes before they were 
remounted on the tape drives. “We procured 
six tape cleaners from other companies 
in Fairfield County,” he says, adding 
that the only data entries that were 
lost were those in which the filters and 
equipment had been neglected in the 
cleaning process. 

After who, what and where, the 
fourth question Ahntholz had to answer 
was how to make Olin’s customers be- 
lieve it was business as usual on Monday 
morning. 

At 4 p.m. Saturday afternoon, the decision 
was made to recable 80 CRTs used 
for order entry — terminals left untouched 
by the fire but stranded on the 
other side of the building without 
telecommunications capability. 
“That’s 40,000 feet of coaxial cable,” 
Ahntholz emphasizes. 

“I had to fight off the 
disbelief. All you can do is be 
positive and look at the 
challenge.” 

FRANK PILUSO 
CALIFORNIA FEDERAL, INC. 

It turned out to be fortuitous that an 
Olin programmer brought his portable 
ham radio set to headquarters on the day 
of the fire, using the airwaves to get help 
to the stricken site, because by the time 
firefighters were finished, the company’s 
telephone system was under two feet of 
water. 

“He started shouting out to the 
world,” Ahntholz recalls, still pausing 
with some amazement about the radio 
request for cable, “and the answer came 
back, ‘How much do you need?’ ” 

Two dump trucks dispatched to 
Elmsford, N.Y., on Long Island returned 
with cable and connectors. “At this 
point, we still didn’t know if the data cen- 
ter would work. We made an educated 
guess that we would come back up.” 

AT&T and Southern New England 
Telephone Co. were contacted. In turn, 
they located an AT&T Dimension 4000 
system and sent it to Stamford on the 
back of a flatbed truck. By Sunday, 
AT&T had 400 telephones wired for busi- 
ness, including in-Wats and out-Wats 
lines for Olin’s number. By Monday 
morning, Olin was ready for business. 

Today, Olin has a hot site provided by 
Wayne, Pa.-based Sunguard Recovery 
Services, and Ahntholz conducts twice- 
a-year tests, a couple of surprise tests, 
management simulations and what-if 
workshops to keep the staff on its toes. 

There is also a telephone list, reduced 
to the size of a credit card, with the essen- 
tial numbers: sales representatives and 
their home numbers plus two additional 
people in case the reps can’t be found; all 
the members of the MIS technical team; 
and numbers for key executives at Olin. 

“Keep the list current and three 
deep,” Ahntholz advises other managers, 
and know when to use your staff. For ex- 
ample, don’t have technical services per- 
sonnel performing nontechnical tasks 
such as handling cable, he says. Bring 
them in only when you are ready to boot 
up the operating system. 


Plague No. 2 

Just how well Olin’s preparedness train- 
ing would pay off was tested April 11, 
1985, when a valve cap on a second-floor 
toilet adjacent to the data center’s ceiling 
blew up. Two thousand gallons of water 
pushed by 85 lb of pressure per square 
inch poured out of the lavatory, down 
concrete walls, through a hole, across the 
false ceiling over the data center and col- 
lected there — until the mass of water 
just got too heavy. 

This time, while the response time to 
the disaster was fast, Ahntholz acknowl- 
edges that the recovery was not as easy. 
Friday business was reduced to taking or- 
ders and holding them for processing. 

“It took until noon on Saturday to 
re-environmentalize the room,” he says. 

In addition to fans set up to dry the 
data room and equipment, IBM went out 
and bought seven hair dryers for a more 
concentrated approach, according to 
Ahntholz. 

“It took longer than the fire did to get 
the humidity and temperature down to ac- 
ceptable levels,” he adds. 

IBM had to replace all the memory 
boards and gates in the 3081 and IBM 
3082 machines, Ahntholz recalls, and it 
was 8 a.m. Sunday before the systems 
were running again. 

In fact, Ahntholz says, Olin came 
close to being Sunguard’s first client to 
declare a disaster at that time. “We 
were within 30 minutes of declaring a disaster. 
I knew I needed 24 hours to recover 
at Sunguard, that I had to call at 
midnight [Saturday] to get the process 
moving. At 11:30 p.m., life came back.” 

When data processing managers 
swap disaster stories, invariably the East 
Coast is cast as the locale for most of the 
country’s fire and flood disasters while 
—— is the magnet for —— 

Ahntholz’s counterpart across the 
Mississippi River, then, is probably Frank 
Piluso, the senior vice-president of computing 
and communications for California 
Federal, Inc., a diversified financial company 
based in Los Angeles. 

Having implemented a recovery plan 
three years ago at Cal Fed’s savings and 
loan subsidiary in Rosemead, Calif., Pi- 
luso got to see how fail-safe it was when 
two earthquake shocks rocked the orga- 

professional duty to describe in public 
how well recovery plans can work and 
how they can be implemented at other 
data sites. 

“It’s a moral responsibility to have a 
plan,” Piluso says. Not only do customers 
deserve that security from a vendor, but 
company employees do as well, he states. 

The savings and loan’s data base is 
used by 6,000 employees spread throughout 
California and as far east as Florida 
and Georgia. Located on the first two 
floors of a four-story building, the data 
center is made up of a Sperry Corp. (now 
Unisys Corp.) 1194, two IBM 3081s, a 
Digital Equipment Corp. VAX 8550 and a 
Tandem Computers, Inc. TPX processor. 
The library has 40,000 tapes. In addition, 
the building is wired for 1,000 
phones on a Rolm Corp. CBX system. 

About 100 employees were already 
at work at 7:42 a.m. when an uncharted 
fault slipped, registering 5.9 on the 
Richter scale; and at the data center “it all 
went down inelegantly,” according to 
Piluso. 


Trials can minimize tribulations 


THOSE WHO HAVE drafted and implemented contin- 
gency plans will agree the road to a disaster is paved with 

As the following three examples will show, a trial run 
can expose bugs and glitches in the procedure, updating 
recovery plans can save money, and if business goes on as 
usual, corporate revenues may not even experience a blip. 

Chase Manhattan Bank has about 4,000 employees 
working in its largest production facility in New York City. 
On a daily basis, these people handle an average of three 
million checks and more than 60,000 transfers of domestic 
and international funds. 

An electrical fire Jan. 4 closed the building Chase rents 
at the tip of Manhattan, but work went on without any loss 
of revenue to the company at three other offices designed 
for double duty. 

“We’re very cost-conscious in contingency planning: 
Don’t spend money unless you have to,” explains John Sci- 
cutella, an 18-year veteran at Chase who is in charge of 
corporate operations and systems and who has honed the 
company’s contingency plan during the years. 

Scicutella moved the fund-transfer activity to a Long Island Chase
facility in Lake Success, N.Y., where the employees’ lounge had been
precabled for terminal hookups. “We just pulled the wires down through
the ceiling and set up CRTs we had stored in the closets,” he says.
About 500 employees were bused there daily from a central point in
the city.

Scicutella saw to it that data from Chase’s back office 
trading activity was moved to 80 Pine St. in Manhattan, 
where the bank operates an IBM mainframe and Digital 
Equipment Corp. minicomputer for systems development 
and enhancement. Check processing was moved to 59 
Maiden Lane, and employees worked longer hours so 
there wouldn’t be any backlog. 

“The employees were cheery. There was no panic,” 
Scicutella says, recalling that the first business day of the 
New Year saw 135% of normal volume. “The customers 
were incredibly understanding. They waited the day out 
with us.” 


AT CONNECTICUT GENERAL Corp. in Windsor, 
Conn., Hollis Whitehead is systems director of disaster 
contingency planning. The insurance company, a Cigna 
Corp. subsidiary, has had two two-year contracts with 
Wayne, Pa.-based Sunguard Recovery Services for a hot 
site. Whitehead says he expects to finish negotiations for a 
five-year contract this month at a savings of $114,000, 
according to his estimates. 

“There are many areas of cost savings that can be 
achieved,” says Whitehead about updating contingency 
plans. He also will be reining in costs this year by
implementing Sunguard’s remote operations control software, 
known as the Remote Operations Controller (ROC). 
Along with multiplexers and modems, ROC will allow 
Whitehead’s staff to execute twice-yearly tests from a 
backup site in nearby Bloomfield, Conn., rather than to 
physically go to Pennsylvania. 

Instead of the $25,000 line item in his budget to send 
about 25 people to Sunguard, Whitehead estimates it will 
cost $13,000 to do the IBM CICS, batch and network 
executability tests from Bloomfield. 

In the future, the possibility exists for on-line vault 
placement of data directly into the recovery site as a fur- 
ther savings, Whitehead adds. 


IT WOULD HAVE looked like a recovery plan in prog- 
ress except that one man held a stopwatch to time a pro- 
grammer, data manager, operations supervisor and the 
hot-site operator who gathered at 9:30 a.m. Saturday, July 
18 in Culver City, Calif., for a dry run of Teleflora’s con- 
tingency plan. 

Teleflora, a subsidiary of ADI Corp. in Los Angeles, 
acts as an accounting clearinghouse for flowers ordered by 
wire. Teleflora chose a sister company, API Alarm, as its 
hot site because of compatible hardware and software. Te- 
leflora is an IBM VM/CMS shop. It uses DOS/VSE as a 
guest operating system under VM/SP with a National Ad- 
vanced Systems 8043 host. Teleflora has 12 volumes of 
3350-type and eight volumes of 3380-type direct access 
storage devices, both of which are made by Storage 
Technology Corp. 

After the 14-hour experience, the group saw a few 
wrinkles that could use some smoothing out, observes 
Larry Krietzberg, a senior systems analyst at Teleflora. 

As Krietzberg explains, the signature for receipt of 
the backup tape at a hot site must match that on the tape’s 
original deposit. 

The contract further mandated that the tape be deliv- 
ered to Teleflora’s downtown L.A. address. For this simu- 
lation, however, the signatures matched, but the recov- 
ery team was in the wrong location. 

Beyond that, Krietzberg notes, was the importance of 
having information critical to rebuilding the system readily 
available. 

For example, he says, in order to use the VM backup 
system to restore the rest of Teleflora’s user community 
data, it was necessary to have a sample of how the VM 
backup system itself was defined so it could be properly 
redefined at the hot site. 

Krietzberg also foresees the need to review and up- 
date documentation as hardware and software changes. 
He states that, overall, “there is a feeling, a need, to have 
a clear direction to go in.” — HELEN PIKE 
Along with the equipment went the 
power, a water main on the fourth floor 
and what would gradually amount to 11 
tons of debris, including 90,000 ceiling 
tiles and 12 miles of cable. Approximate- 
ly $1.5 million worth of terminals had to 
be replaced. 

To make matters worse, Oct. 1 was 
the first day of the fourth financial quar- 
ter, and the third quarter’s notes were 
due at the Securities and Exchange Commission
(SEC) branch office. “It was the
worst possible time” for the quake to occur,
Piluso says, later adding, “I knew it
was going to be a helluva day.” 

But within the first hour after the 
earth shook, Cal Fed employees under Pi- 
luso’s direction and according to his re- 
covery plan rolled out 40,000 square 
yards of plastic sheeting to cover all the 
computer areas. The plastic had been 
originally installed to protect against wa- 
ter from the sprinkler system in the event 
of a fire. 

“We saved everything but one CBX 
panel,” Piluso says. The library was 
spared because the tapes were hung in 
prebuilt, cross-braced cabinets designed 
to withstand seismic shocks. 

One hour later, the contingency plan 
was activated, requiring Piluso to call cor- 
porate headquarters with a status report 
of what happened and what needed to be 
done. 


Covering all the bases 

Among other things, the plan estab- 
lished the parent company’s Los Angeles 
headquarters as a command center to 
handle business and anxious inquiries 
from users and customers alike. An un- 
derstanding was reached with the SEC. 
Furthermore, drinking water, portable 
johns, walkie-talkies, food and cash were 
supplied to the 450 recovery workers, 
including vendors, technicians, laborers 
and electricians, through 29 nonstop 
hours of work. 

At the end of that time period, every 
piece of equipment had been recertified, 
Piluso says. By 8:45 a.m. Oct. 2, power 
came back, and by 1 p.m., the automatic 
teller machines were back on-line. The 
data base was intact, and it was business 
as usual — until Saturday night. 

While an exhausted Piluso slept, a 
second shock reverberated through what 
is now called the Whittier Narrows. This 
time, it was a 5.5 on the Richter scale. 

“I had to fight off the disbelief,” Piluso
recalls. “All you can do is be positive
and look at the challenge.” This time
recovery only took nine hours. 

As a goodwill gesture in the earth- 
quake’s aftermath, Cal Fed’s chief admin- 
istrative officer had T-shirts printed up 
for everyone with the motto: “We beat 
the quake with teamwork.” They were 
placed on each employee’s desk Monday 
morning along with a vase containing 
three carnations. 

“The morale is still high,” Piluso said 
when contacted in early February. 

Cal Fed’s contingency plan also in- 
cluded a Sunguard hot site in Rancho Ber- 
nardo, Calif., and a disaster recovery 
service in Phoenix designed by Piluso for 
the Sperry mainframe. Employees had 
been sent to both sites to await the recov- 
ery outcome. 

Piluso, who also does quarterly simulated
tests, reemphasizes one of his main
points: “A lot of data processing types
think it won’t happen to them. But I
wasn’t singled out by God.”
How much is enough? Expert says 
security efforts should pay, not cost 


BY WILLIAM MURRAY 
SPECIAL TO CW FOCUS 


Maintaining the delicate bal- 
ance between spending too 
much or too little on data and 
computer security is an art. Be- 
cause it is easy to misjudge 
which areas will require what 
amount of security, MIS should 
follow one basic rule of thumb: 
Security should pay — not 
cost. As with other facets of busi- 
ness, management should in- 
vest in security only to the ex- 
tent that the money put in will 
eventually contribute to the or- 
ganization’s overall goals. 

A successful security pro- 
gram adds to these objectives by 
reducing losses and risks. If the 
losses it prevents or mitigates 
are greater than the security 
system’s cost, then it has made a 
net contribution to profits. 

Security can be defined as a 
“condition of safety.” To 
achieve this condition, manage- 
ment must accomplish certain 
tasks. In this context, security 
is used to refer to all of the provi- 
sions that management makes 
for the integrity and confidenti- 
ality of data and for the continu- 
ity of the business during any 
loss of critical services. 


Murray is a consultant and manage- 
ment trainer specializing in computer 
and data security. He is associated with 
Ernst & Whinney as a Fellow in Informa- 
tion System Security. He has more than 
30 years’ experience in data processing 
and more than 20 years in security. 


Because the computer is re- 
sponsible for storing and pro- 
cessing most of a business’s 
data and because the business 
depends heavily on it, there is a 
temptation to try to deal with se- 
curity solely as a computer 
problem. However, an organiza- 
tion should look at security as a 
business problem as well. 

In most cases, it is not the 
cost of security or even the cost 
of losses that should concern 
management but rather the sum 
of the two factors (see chart). 
MIS should want its organization 
operating at the point at which 
the total cost (losses plus the 
cost of security measures) is at 
a minimum. Focusing on one fac- 
tor in lieu of the other can be a 
costly mistake. For example, if a 
company does not pay for fire 
alarms and extinguishers (secu- 
rity measures), then it is more 
likely to pay for fires (losses). 


Diminishing returns 

The upward swing of the secu- 
rity curve suggests that the 
more secure a firm becomes, 
the more the next increment will 
cost. This situation reflects the 
law of diminishing returns; that 
is, there is a very high return on 
the first security dollar spent, 
but subsequently, it will take 
more and more dollars to buy 
what you need. It costs more to 
reduce the expected rate of fire 
from one in 19 years to one in 
20 years than it does to reduce 
that same rate from one in nine 
years to one in 10 years. The 
only way to be 100% secure is 
to incur infinite costs. 

Conversely, a company does 
not get the same reduction in 
risk from fire extinguishers 
991 through 1,000 that it does 
from one through 10. 

In the chart, the slope of the 
total cost curve is very steep. 
This suggests that an efficient 
program does not happen by ac- 
cident; it requires constant 
management attention. 

Because the slope is steep, 
firms will get a big return on 
whatever management or staff 
time they invest. Although the 
return on the time managers 
spend acquiring and maintaining 
security measures is not likely 
to exceed the return on the time 
managers devote to their primary
business objectives, neither
is it trivial. 

Of course, a technology loss 
or a fire does not occur on a regular
basis. Finding out how to 
spend the right amount of time 
and resources is complicated by 
the fact that security deals with 
events that have uncertain con- 
sequences and rates of occur- 
rence. Furthermore, budgets 
assume that this year’s spending 
will bear some resemblance to 
that of last year. 

But there is a method that 
will allow MIS to ac- 
count for the unexpect- 
ed in its business plan. 
By multiplying the esti- 
mated cost of a loss by 
its rate of occurrence 
(times per year), MIS 
can estimate the annual 
loss expectancy. 

The loss curve rep- 
resented in the chart is 
smooth only for very 
large organizations or 
across long periods of 
time. For smaller com- 
panies, the curve would 
be very irregular. That 
is, losses do not occur in 
small, regular incre- 
ments over time; orga- 
nizations can expect to 
take some big hits infre- 
quently and irregularly. 

To calculate the 
chances of facing a situ- 
ation in which a company’s se- 
curity plans must go into effect, 
MIS can divide the possibilities 
into four categories, as follows: 
• High rate of occurrence with 
high consequences. 
• Low rate of occurrence with 
low consequences. 
• High rate of occurrence with 
low consequences. 
• Low rate of occurrence with 
high consequences. 

Fortunately, events with 
devastating consequences do not 
happen often. Therefore, the 
high rate/high consequence category
can be discounted. Companies
can also afford to ignore 
incidents that seldom happen 
and that have limited cost. It is 
on the remaining two catego- 
ries — high rate/low conse- 
quence and low rate/high con- 
sequence — that security 
measures should be focused. 

Devastating events that sel- 
dom occur should be covered by 
insurance. Businesses should 
have insurance to spread the 
cost of such an event over time 
and across organizations. Very 
large firms can afford to self-in- 
sure. They have a sufficient 
number of facilities to absorb a 
loss. For example, while a large 
oil refiner might insure against 
the loss of an entire refinery, it 
may plan to absorb the loss of 
one tank. Similarly, IBM or Gen- 
eral Motors Corp. can absorb 
the loss of one computer. 

It is the events that have low 
consequences but occur with rel- 
atively high frequency that cost 
the greatest amount of money. 
These losses are due to inci- 
dents such as pilferage or errors 
that happen with measurable 
frequency and cost. 

For example, in distribution and manufacturing, the cost of
pilferage is significant. And as much as 25% of the cost of data
processing operations may be consumed in correcting errors or making
protective, backup copies. While many point to computer crime as a
justification for security measures, often it is the real and
measurable cost of errors that may underscore the need for security.
Anecdotal data suggests that many computer crimes had their origins
in innocent errors to which management failed to respond.

[Chart: The sum of its parts. Management must factor in both the cost
of security and the cost of losses. Curve label: total cost curve.
Axis label: increased security features.]

Management can safely ap- 
ply the first and inexpensive in- 
crements of common security 
measures to alleviate these high- 
frequency low-consequence 
events without fear of over- 
spending. For example, exclud- 
ing programmers from the com- 
puter room is not expensive 
and, for its cost, provides a
substantial risk reduction. 

However, expensive mea- 
sures, particularly those that ad- 
dress limited exposures or that 
have risks of their own, should 
be applied only after they have 
been justified with a rigorous 
risk assessment. Such a risk as- 
sessment compares the loss ex- 
pectancy with the direct cost of 
the measure and chooses the 
lowest cost option. In-house se- 
curity staffs or outside consul- 
tants can provide risk analyses. 

An example of a measure re- 
quiring justification through a 
risk assessment would be the 
installation of uninterruptible 
power supplies (UPS). In this 
case, there is only one risk, the 
loss of electrical power. De- 
pending on geography, the fre- 
quency of occurrence of a pow- 
er loss can vary significantly. 
The risk also has a wide range 
of effect, depending on the dura- 
tion of an outage, from millisec- 
onds to hours. The conse- 
quences also vary from that of a 
nuisance to a catastrophe. 

There are a number of alter- 
natives to ensure uptime, from 
dual sources to flywheels to 
batteries to generators. The so- 
lutions range in cost from tens 
of thousands to millions of dol- 
lars. Each alternative intro- 
duces some risk of its own that 
would not be there in its ab- 
sence. For example, one new 
UPS caused one outage for ev- 
ery 50 that it prevented. Howev- 
er, when it was 10 years old, it 
caused one outage for every 10 
that it prevented. At 
this point the trade-offs 
of the UPS’s effective- 
ness become marginal. 
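
The method described above (annual loss expectancy, then a risk assessment that compares loss expectancy with the direct cost of each measure and takes the lowest total, counting the outages a UPS itself causes) can be worked through as follows. This is an added Python example, not part of the original article; the dollar figures, outage rate, coverage fractions and all names are constructed assumptions, and only the one-in-50 and one-in-10 ratios come from the text.

```python
"""Risk assessment by total annual cost (added example; all figures constructed)."""
from dataclasses import dataclass
from math import inf


def annual_loss_expectancy(cost_per_event: float, events_per_year: float) -> float:
    """Estimated cost of a loss multiplied by its rate of occurrence (times per year)."""
    if cost_per_event < 0 or events_per_year < 0:
        raise ValueError("cost and rate must be non-negative")
    return cost_per_event * events_per_year


@dataclass(frozen=True)
class Measure:
    """A security measure, described only by what the assessment needs."""
    name: str
    annual_cost: float                  # direct cost of the measure per year
    coverage: float                     # fraction of baseline events it prevents
    prevented_per_induced: float = inf  # events prevented per event the measure causes

    def __post_init__(self):
        if not 0.0 <= self.coverage <= 1.0:
            raise ValueError("coverage must be between 0 and 1")
        if self.annual_cost < 0 or self.prevented_per_induced <= 0:
            raise ValueError("cost must be >= 0 and the induced ratio > 0")

    def residual_rate(self, baseline_rate: float) -> float:
        """Events per year still expected once the measure is in place."""
        prevented = baseline_rate * self.coverage
        induced = prevented / self.prevented_per_induced  # risk the measure adds
        return baseline_rate - prevented + induced

    def total_annual_cost(self, cost_per_event: float, baseline_rate: float) -> float:
        """Cost of the measure plus the loss expectancy that remains."""
        residual = self.residual_rate(baseline_rate)
        return self.annual_cost + annual_loss_expectancy(cost_per_event, residual)


NO_MEASURE = Measure("no measure", 0.0, 0.0)


def rank_options(measures, cost_per_event, baseline_rate):
    """Return (name, total annual cost) pairs, cheapest first.

    Doing nothing is always one of the options, so a measure that costs
    more than the losses it removes ranks below "no measure".
    """
    options = [NO_MEASURE, *measures]
    rows = [(m.name, round(m.total_annual_cost(cost_per_event, baseline_rate), 2))
            for m in options]
    return sorted(rows, key=lambda row: row[1])


# Constructed sample inputs (assumptions, not figures from the article).
COST_PER_OUTAGE = 20_000   # dollars lost per power outage
OUTAGES_PER_YEAR = 4       # baseline rate at this hypothetical site

DUAL_FEED = Measure("dual utility feed", 45_000, 0.50)
# Induced-outage ratios from the text: one caused per 50 prevented when new,
# one caused per 10 prevented at 10 years old.
UPS_NEW = Measure("UPS, new", 70_000, 0.95, prevented_per_induced=50)
UPS_AGED = Measure("UPS, 10 years old", 70_000, 0.95, prevented_per_induced=10)


if __name__ == "__main__":
    for label, ups in (("new UPS", UPS_NEW), ("aged UPS", UPS_AGED)):
        print(f"Options with a {label}:")
        ranked = rank_options([DUAL_FEED, ups], COST_PER_OUTAGE, OUTAGES_PER_YEAR)
        for name, total in ranked:
            print(f"  {name:<20} ${total:>10,.2f} per year")
```

With these constructed inputs the new UPS is the lowest-cost option, while the same unit at 10 years old costs more in total than accepting the outages.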

Because the pros 
and cons of various se- 
curity measures may 
be difficult to specify 
and accept, MIS pro- 
fessionals need to care- 
fully examine the eco- 
nomic risks of acquiring 
security solutions. It 
should be clear that 
measures such as 
these must be carefully 
justified, engineered 
and accepted. 

Security provisions 
are usually more effi- 
cient if they apply an 
inexpensive measure 
broadly than if they 
apply an expensive 
measure narrowly. 
Thus, it is generally better to ap- 
ply passwords and ports to all 
users than it is to apply signature 
verification to privileged users 
and ports. Likewise, business- 
wide measures are more effi- 
cient than those limited to DP 
activity. 

Remember, security is a 
business issue, not a technology 
issue. When understood and 
well managed, the idea of securi- 
ty is to maximize protection for 
the least cost. It is as important 
to avoid overspending as it is to 
minimize losses. 
Checking your systems’ vital signs 


BY STAN KOLODZIEJ 


Monitors pinpoint critical weaknesses 


Fine-tuning is the name of the game with large computer systems. In
these days of fiscal responsibility, corporations are looking to their
information systems departments to toe the line and squeeze better
performance from existing machines. To help them do this, MIS
professionals are turning to the growing market of performance
monitors, software tools that delve into systems and pinpoint crucial
performance weaknesses.

The result is a booming market. Performance monitors enable a person
to plug directly into the day-to-day operations of a CPU and keep an
on-line pulse of how that CPU is handling I/O channels, direct access
storage device (DASD) use and paging. They also show the amount of
resources users and programmers are chewing up in task activities, as
well as a variety of other performance statistics for single- or
multiple-system platforms.

Kolodziej is Computerworld Focus's senior editor. 

“I know right away when a programmer 
might be unwittingly running a program in a 
loop, or when a user is running away with sys- 
tem resources,” according to Louise Kirby, sys- 
tems manager at the Bank of Vermont in Wi- 
nooski, Vt. “Monitoring gives us an instant 
insight.” 
Dean Prokos, systems programming 
manager at United States Surgical Corp. 
in Norwalk, Conn., is using a performance 
monitor to oversee three CPUs, one run- 
ning under IBM’s CMS and the other two 
running under IBM’s VSE environments. 

“The performance monitor gives us 
on-line reports about CPU utilization, 
dual-processing performance, device use 
and so on,” he says. “It’s invaluable.” 

Both Kirby and Prokos, who use Vital 
Signs, a performance monitor from Blue 
Line Software, Inc. in Minneapolis, also 
say that monitoring results are playing a 
bigger role in their firms’ overall systems 
capacity planning, something in which 
they are not alone. 

“Most of our customers are vastly 
more concerned about performance monitoring
now than they were a couple of 
years ago,” explains Jeff Bernard, perfor- 
mance product family manager at Colum- 
bus, Ohio-based Goal Systems Interna- 
tional, Inc., which produces the Explore 
family of performance monitors. 

“There is a necessity now of knowing 
where your system is at all times, espe- 
cially with IBM’s CICS systems, which 
are popular for day-to-day transaction 
processing,” he says. “A performance 
monitoring system that lets you get into 
your CICS system when it’s hung and lets 
you cancel the transaction that’s screw- 
ing up your system is of enormous benefit. 
Downtime runs about 15 minutes to 90 
minutes in the large IBM MVS shop, and 
that could take thousands of terminals out 
of service. Uptime is all-important.” 

A system crash could have further 
long-term consequences. It could serious- 
ly affect corporate service-level agree- 
ments, which are agreements between 
one internal organization and another 
covering system uptime as well as capaci- 
ty planning, which Bernard says is where 
the performance field is heading. 


10% of your time 

“As a systems programmer, you almost 
have to dedicate a percentage of your 
time, perhaps 10%, just to monitoring 
what’s going on and watching your system
and tuning it as you go,” Bernard explains.
“You can do all the capacity planning
in the world, but if you don’t tune 
your system properly, you’re never going 
to get anywhere.” 

As for service-level agreements, Ber- 
nard says that if a company is serious 
about accountability with service con- 
tracts, performance monitors can enable 
it to meet those contracts. Otherwise, 
people could lose their jobs if they are con- 
sistently unable to maintain the perfor- 
mance levels indicated in the contract. 

“At the Computer Measurement 
Group ’87 meeting in November, there 
was a consensus that, should the economy 
take a downturn, there would be more re- 
liance on performance monitors to help 
people maintain contracted response 
time,” explains Van Morris, Goal Sys- 
tems’ director of marketing for its data 
center management division. “The profession
of capacity planning has really taken
leaps and bounds in the last five years.” 

Korak Mitra, a product manager at 
Palo Alto, Calif.-based Hewlett-Packard 
Co., says many customers of HP’s On- 
Line Performance Tool performance 
monitor have reached critical mass with 
the number of systems they have and are 
looking for ways to better utilize existing 
machines through capacity planning. 

“Companies tend to have longer planning
cycles now,” Mitra explains. “Performance
monitors let them plan for future
hardware and software upgrades. 
They let them pinpoint trends and how re- 
sources are now being utilized. Most of 
those who are doing this are larger cus- 
tomers with big systems.” 

Big systems, indeed, and part of a big 
mainframe market awaiting vendors of 
performance monitors. 

International Data Corp., a Framing- 
ham, Mass., research outfit, has pegged 
the 1987 worldwide installed base of 
mainframe systems at 25,000, compared 
with 19,000 systems operating world- 
wide in 1985. Some analysts argue, and 
maybe rightly so, that the widespread in- 
stallation of microcomputers has only 
strengthened the need for corporate 
mainframes to handle micro-to-main- 
frame links and networking facilities. 

Boole & Babbage, Inc., a Sunnyvale, Calif., vendor of performance
monitors, claims that more than 70% of these mainframe systems will
incorporate IBM or IBM-compatible hardware. That is significant
because the IBM CICS and IMS processing environments running under IBM
MVS and VM are the bread and butter of the performance monitor market.

“There is a necessity now of knowing where your system is at all
times. . . . Uptime is all-important.”

JEFF BERNARD 
GOAL SYSTEMS INTERNATIONAL, INC. 

So it goes for Marsha Sachs, manager 
of systems software at Richmond, Va.- 
based paper products manufacturer 
James River Corp. Sachs says her compa- 
ny has been using The Monitor for CICS, 
a performance package from Landmark 
Systems Corp. in Springfield, Va., for 
three years to monitor CPU utilization, 
I/O use and job accounting statistics. 

“Everything changed when we were 
looking to buy our second CPU,” Sachs 
says. “At that point, we had to do a lot of 
selling to our upper level management to 
justify the second system. That’s 
when capacity planning and the 
monitoring stats became very 
important. The performance 
stats we were keeping with The 
Monitor were used to present 
system use graphs and trends to 
upper management. That con- 
vinced them that a second sys- 
tem was necessary.” 

Despite VM’s appeal, IBM’s 
MVS large systems operating 
environment has generated 
most of the activity in perfor- 
mance monitor systems, and lit- 
tle wonder. Introduced in 1975, 
MVS is IBM’s flagship operating 
system and has enjoyed an al- 
most unchallenged reign as the 
dominant environment in U.S. 
mainframe computing. 

During the years, however, 
IBM’s attempt to bolster MVS’s 
weak points, such as resource al- 
location, added a great deal of 
processing baggage along the 
way, creating a difficult environ- 
ment for systems programmers 
to manage. In a way, the success 
of MVS has also caused its repu- 
tation for unmanageability, be- 
cause MVS has been used more 
and more to handle heavy 
throughput applications pro- 
gramming in recent years. 

Both IMS and CICS transac- 
tions developed under MVS 
have also become more compli- 
cated, generating higher vol- 
umes of transactions, requiring 
higher degrees of system avail- 
ability and powerful program- 
switching capabilities and need- 
ing higher levels of built-in 
facilities that would ensure data 
integrity. 

IBM might not be in any hur- 
ry, however, to put a premium 
on streamlining MVS and offer- 
ing performance monitoring fea- 
tures. 

“IBM is in the business of 
selling hardware and MIPS,” 
says David Thomas, technology 
analyst at New York brokerage 
firm Hambrecht & Quist, Inc. 
“The more inefficient the oper- 
ating system, the more hard- 
ware and MIPS IBM can sell.” 

To give an indication of how 
MVS falls short in performance 
monitoring, the operating sys- 
tem does not even have built-in 
features for detecting shortages 
in common storage areas, a situ- 
ation that occurs often in large 
systems use. Many third-party 
monitors can give an operator a 
warning before such a situation 
becomes damaging, but with 
MVS, there is no way to detect a 
critical common storage area sit- 
uation unless the operator is spe- 
cifically looking at it. 

Some users feel that IBM has 
also stumbled with its VM per- 
formance monitoring. “We tried 
using IBM’s VM MAP monitor- 
ing system,” Kirby explains, 
“but it was like conducting an au- 
topsy. Everything was examined 
after the fact, after the damage 
was done. VM MAP is just not in- 
teractive enough.” 

Kirby says that one of her biggest
concerns is monitoring 
DASD use, something that ranks 
high on many systems profes- 
sionals’ lists, especially those 
people working in the CICS pro- 
gram development environment 
in which DASD use is heavy. 

IBM, for example, has indi- 
cated that more than 75% of sys- 
tem response time performance 
problems can be traced to the 
DASD I/O subsystem. 

And Boole & Babbage says a 
recent survey of its international 
user base revealed that DASD 
contention is perceived as the 
most significant cause of CICS 
performance problems, with in- 
adequate capacity planning a 
close second. 


Big changes 

According to Ian Riddle, manag- 
er of international marketing at 
Boole & Babbage, nearly 80% of 
the companies contacted indicat- 
ed that they would be making 
hardware changes in the next 
year and a half, with 50% chang- 
ing processors and another 50% 
upgrading their DASD configu- 
rations. A total of four out of five 
respondents were planning on 
doing both. 

“CICS sites represent a 
growing market for DASD man- 
ufacturers,” Riddle says, “but 
those users of performance mon- 
itoring tools also indicated that 
their current DASD perfor- 
mance data was inadequate and 
that there was a need for greater 
ease of use and less restrictive 
batch analysis and reporting.” 

Seek time was once pointed to as the primary candidate for DASD
performance tuning, but seek time has been improved dramatically by
IBM’s recent releases of faster storage devices.

Instead, path contention delay is now being isolated as the leading
culprit in DASD performance problems. Path contention delay increases
with more data path utilization, concurrent requests and shared DASD.
Delays occur when an I/O path is unavailable at the same instant the
device is trying to reconnect for data transfer.

When this happens, the device must keep rotating until the requested
data passes under the read/write head and the path is available for
data transfer. But when such misses start piling up, big delays result
in system service times, and trouble begins down the line.

Most performance monitoring tools on the market, however, offer
components that keep track of DASD activity, and a few, such as Boole
& Babbage’s DASD Advisor, have been unbundled and sold separately to
handle DASD fine-tuning specifically.

DASD is also another area in which MVS fails in function. For example,
if a systems application schedules a reserve against a DASD volume and
if that reserve is held too long, it will create a performance problem
on the other side of the system. This is a fairly common system
occurrence.

Under MVS, trying to find out which job holds the reserve is pretty
much a hit-or-miss proposition. Every job allocated to the specified
device must be displayed and then canceled individually until the job
holding the reserve is located, usually through a process of
elimination. Performance monitors, however, can pinpoint these jobs on
the spot.


In the spotlight

A sampling of performance monitors

ADR/Look, an on-line diagnostic and troubleshooting tool that also
monitors ADR’s Datacom relational data base management system.
Computer and operating system: Any IBM 370-class mainframe or
compatible running under IBM DOS/VS, DOS/VSE, VSE, SP2, MVS or MVS/XA.
Price: From $12,600 for a basic ADR/Look system running under DOS/VS
or DOS/VSE to $47,200 for a fully configured system under MVS.

CMF, an on-line capacity planning system that includes data
collection, data manipulation, applications analysis and data center
reporting components.
Computer and operating system: Any IBM 370, 3030, 3080 and 3090
series, 4300 or compatible running under MVS Release 3.8 and above.
Price: $72,000 for the total system.

Omegamon/CICS, a CICS/VM monitor designed to maximize
transaction-oriented configurations of large IBM mainframes. Supports
up to 99 CICS regions.
Computer and operating system: Any 370, 3030, 3080 and 3090 series,
4300 or compatible running under DOS/VS, DOS/VSE, MVS or MVS/XA.
Price: From $5,900 for a basic DOS/VSE version to $52,500 for a fully
configured MVS system.

Alert/CICS, a menu-based on-line monitor focusing on three levels:
system, terminal and operation resources.
Computer and operating system: Any 370, 3030, 3080 and 3090 series,
4300 or compatible running DOS/VSE, OS/VS1 or MVS supporting CICS/VS
1.5 or higher.
Price: From $9,100 for a single CPU with DOS/VSE license to $14,980
for the MVS version.

The Monitor for CICS, an on-line and batch facility operating in a
single, screen-oriented environment.
Computer and operating system: Any 370-class computer or compatible
supporting the IBM CICS/VS communications monitor.
Price: From $8,000 for a single-site DOS/VSE permanent license to
$21,000 for a similar MVS license.

In larger systems use, in 
which an I/O subsystem (of 
which DASD is a part) can be- 
come a bewildering network of 
hundreds of devices and path 
mazes, expert systems technol- 
ogy is now being considered. 
This technology is seen as a way 
to better analyze the hundreds of 
rules that govern systems and 
DASD performance tuning. 

According to Goal Systems’ 
Morris and Bernard, expert sys- 
tems technology is desperately 
needed in I/O performance mon- 
itoring to quickly read and inter- 
pret critical data from the bur- 
geoning volumes of statistics 
being presented to the program- 
mer and operator with monitor- 
ing systems. 

“Expert systems technology, 
such as degradation analysis, will 
become more important in sys- 
tems performance monitoring,” 
Morris says. “Expert systems 
are going to enable more ad- 
vanced information processing, 
because users will be able to 
specify certain sets of rules or, if 
they have service contracts, 
specified amounts of uptime. 


Then the expert systems will 
automatically take the steps to 
help them make sure they get 
their performance rules an- 
swered and fulfill their con- 
tracts.” 

With a lot of market attention 
being focused on DB2, IBM’s re- 
lational data base management 
system, this might be a good op- 
portunity to improve on IBM’s 
own DB/2 Performance Moni- 
toring System that some ana- 
lysts, including Shaku Atre, 
president of Atre International 
Consultants, Inc. in Rye, N.Y., 
claim devours too many system 
resources. 

Some performance monitor 
vendors, such as Landmark Sys- 
tems, already have introduced 
DB/2 interfaces to their moni- 
toring systems, but not all ven- 
dors are ready just yet to jump on 
the relational bandwagon. 

“Based on our market studies,” Morris explains, “DB/2 is something a lot of people are looking at but few have actually implemented.

“We think there’s more than enough for performance monitors to handle in existing systems environments.”
No parking: Former garage
City-based storage facility is a warehouse, safety deposit box hybrid.

By MICHAEL TUCKER

Elsewhere in this issue of Focus, you'll find an article on one of the Iron Mountain Group, Inc.’s secure storage facilities, which is located in the safest possible place — a rural setting physically removed from the customer’s own MIS site. In theory, with this type of setup,

yet, your records would remain intact.

But what if your security requirements are restricted? Suppose you absolutely must have your data within the same urban area as your office? Suppose, too, that you are storing not only records and magnetic media but other things as well? Perhaps yours is a company that maintains an inventory of small but valuable goods — coins or objets d’art.

What you need, then, is some kind of storage that falls between a safety deposit box and a warehouse. It must be secure, close by and inexpensive. That last requirement is the hardest to find because it means the storage facility, which probably exists on some of the most expensive ground in the world — downtown real estate in a major urban area — would not be charging the rent that normally goes with its location.

Fortunately, services exist to fit this particular bill. One such facility is The Fortress Corp., based in Miami with a division in Boston (expansion plans include New York and other major metropolitan areas).

The Fortress exists to provide what its founders call “museum-quality storage” within the central business districts of major cities. To do this, the or-

but that is nearly 20 years old.

In the early 1980s, the Fortress’s founders, brothers James N. Levis and Ladd Levis-Thorne, began to look into the secure storage business. In the process, they discovered an abandoned parking garage in Miami.

In 1963, this garage had

drive their cars into the facility and park them in metal cages inside special shafts, rather like elevator shafts. Many cages,

parked, the auto and its cage would lift up into the shaft, and an empty cage would come in from below. When the customers returned for their cars, the proper containers would rotate back to the garage door.

For a variety of reasons, the garage failed and the technology was forgotten. After a heroic effort, Levis and Levis-Thorne managed to reassemble the long unused parking system and to improve it. They also applied it to storage. In particular, they

Today, each Fortress installation is a tower several stories tall. In its core is a standard media vault. Along the periphery there is a series of shafts full of secure containers. To use the system, customers must first pass through a checkpoint at a

an armed guard in the lobby. Once cleared and identified, customers proceed with an attendant to a shaft door and, rather than going to their storage room, their storage room comes to them.

The result is a system that is inexpensive — one can get a section of a container for less than $50 — and remarkably secure. Consider, for instance, the difficulties a thief would have getting at any particular record or valuable. Even if he made it past the wall, the checkpoints, the alarms, various sound and motion detectors in the building and the guard, he would still have no idea where in the tower any specific container was located within a shaft. It could be at the top, the bottom or anywhere in between.

Then even if he discovered the container he wanted and knew where it was, he would have to bring it into the lobby. That would mean that he would either have to operate the storage machinery himself, which he could not do without raising an alarm, or else obtain the assistance of Fortress personnel, which he could not do without being seen.

His only other option would be to enter the shaft and climb through the containers to reach his prize. That, however, would require the skill of an acrobat, or a death wish, for at any moment the machinery might swing into action and plunge him to the bottom of the shaft.

A Fortress building is also immune from most acts of God. While it could be destroyed by major catastrophes like earthquakes, it’s still reasonably safe from the garden-variety disasters. For example, it is spared electrical threats because its machinery is anchored deep within the earth, and thus, as an accidental side effect of its design, it is about as grounded as an installation can be.

Moreover, the Fortress contains the usual automatic defenses against fire, with the added kicker that should a fire get started in one of the containers, it could be rotated to the top of the building, where it would burn out harmlessly. The rest of the installation would probably not even feel the heat.

Of course, no building is ever completely safe from misfortune or human enemies sufficiently determined to overcome any resistance. However, The Fortress facilities show what can be done to provide security even within what might otherwise seem insecure surroundings. It is, in short, the sort of installation that MIS officers might wish to study given the fact that their glass houses frequently occupy similar surroundings and face similar threats.

Boston's Fortress, a secure haven overlooks the city bustle

Tucker is Computerworld Focus’s features editor.


PRODUCT CLOSE-UP

NSA backs encoding tool

The Custom Integrated Circuits Division of Melbourne, Fla.-based Harris Corp. has announced the HS3447 Cypher I, an encryption/decryption device endorsed by the National Security Agency (NSA) and used in applications to secure sensitive but unclassified information.

Harris said the Cypher I was designed and developed following the Department of Defense’s ON304455 encryption algorithm and offers an alternative to National Bureau of Standards’ Data Encryption Standard devices.

Cypher I reportedly operates at data rates up to 20M bit/sec. and is integrated into communications equipment through the NSA Commercial Comsec Endorsement Program. (Comsec stands for communication security, a U.S. government directive to secure internal communications; the Commercial Comsec Endorsement Program enables government contractors to procure secure communications equipment directly from commercial manufacturers.) Harris claimed that the Cypher I can be used in standard encryption applications or in spread-spectrum communications applications. Spread spectrum is a modulation technique that prevents signal jamming and interference because it widens the transmission bandwidth to make it larger than the transmitted signal bandwidth.

Cypher I was designed to encrypt and decrypt a serial data stream using an NSA-endorsed algorithm. The device encrypts a

Continued on page 39


On-line backup minus the expense and transportation woes. Story, page 36.


Clash of the units
Brian Jeffery

New, improved IBM. With 30% more efficient decision making. Enriched with the new

other leading brands. And now available in the new enterprise size. Hurry while stocks last. (Offer not available in Wisconsin.)

Now that the dust has settled on the IBM reorganization, it is time to look past the marketing hoopla and see what, if anything, has really changed.

The place to start is IBM corporate management. Before the reorganization, there was a small corporate management committee that acted as the inner sanctum of IBM decision making. That situation hasn’t changed; John Akers is still firmly in charge, Jack Kuehler and Allen Krowe are still his main No. 2 men and Kaspar Cassani (as overseer of the World Trade groups and marketing and two years from retirement), David McKinney (in the old Buck Rogers role as head of corporate staff operations) and Frank Metz (in the old Krowe role as chief finance man) still remain. No real changes here, but certainly striking personalities to share the decision making authority.

The continued role of Krowe in IBM top management is worth thinking about, though. Krowe is generally regarded as the architect of IBM’s disastrous financial strategy from 1982 to 1985, when the firm converted its rental income to sales too rapidly. He doesn’t seem to have been penalized for that. But then, he is

Continued on page 38


Data backup with a twist

‘Televaulting’ is an alternate to vaults, dual data centers

Today, preparing for a disaster may mean
one of two things for MIS: vaults or dual 
data centers. If a company is very large 
and very rich, then it may take the latter 
strategy, maintain two DP centers and 
link them via a network. If one system 
goes down, the other should survive. 

The dual data center approach is rela- 
tively foolproof but expensive. More of- 
ten, MIS simply tries to protect its backup 
tape records. MIS can contract with a
protection service to physically remove
its magnetic media to a secure location.


Now, however, Total Assets Protec- 
tion, Inc. in Arlington, Texas, is offering a 
middle path between these two strate- 
gies. Operating via a new subsidiary, Te- 
levault Technology, Inc., also based in Ar- 
lington, Total Assets Protection is about 
to introduce what it calls a “televaulting”
route to data security. 

Although it sounds like an event from 
some future version of the Olympics, tele- 
vaulting is a simple concept. When you 
sign up as a client of their service, Total 
Assets and Televault Technology set up a 


direct, high-speed T3 data link via a fiber- 
optic cable between your system and one 
of their secure installations. 

At your site, a connector is placed at 
every workstation, terminal or personal 
computer. Once the system is in place, 
each keystroke an employee makes is re- 
corded and transmitted to the Televault 
system. Without the risk of physically 
transporting your tapes and without the 
expense of a second mainframe, you can 
have an on-line record of everything that 
happens at every keyboard in your build- 
ing. Moreover, because Televault is sim- 
ply recording those keystrokes, the data 
is stored according to your tape manage- 
ment system, potentially eliminating any 
crude conversion problems. 

You can then access those tapes any 
time and in pretty much any way you like. 
You can even have them transmitted back 
to you via the T3 line. 

Prices for the service vary according 
to the installation and distance from Tele- 
vault. — MICHAEL TUCKER 
Low-tech path to high security


Personal computers have created a whole 
new nightmare in data security. Where it 
is relatively easy to safeguard mainframe 
data, doing the same for PC data is almost 
impossible. Information in PCs can be 
copied, bugged, tapped and spied on with 
maddening ease. But what may be the 
most embarrassing threat of all is that a 
PC can be physically picked up and stolen. 
The data within it could be protected by 
all manner of sophisticated devices and 
still be vulnerable to a bit of common sec- 
ond-story work. 

As a result, there has been a renewed 
interest in low-tech responses to this 
high-tech threat. For instance, a number 
of vendors are marketing vari- 
ous locks and restraints that re- 
duce the chances of a PC being 
lifted by a thief. Qualtec Data 
Products, Inc. in Santa Clara, 
Calif., for instance, offers a line 
of cable, security plates and pad- 
locks that can be used to fasten a 
PC to a desk or a wall. Qualtec’s 
products range from $8 to $99. 

There are a number of other
vendors with similar products, 
but the common characteristic of 
all these firms is that they are in 
the hardware business in a precomputer 
sense of the term. Their products provide 
a physical response to a physical threat. 
As such, these offerings can be overcome 
by a thief equipped with enough determi- 
nation and a good hacksaw. 

Therefore, the real value of these 
products is that they make computer 
theft a more complex affair than it might 
be otherwise. These devices make certain 
that computers will not be stolen on a lark 
and may slow down a professional thief 
long enough for other measures, such as 
alarms or guards, to come into play. 

Another low-tech response to PC se-
curity deals with physical media. One of
the major problems in PC data security is 
that every disk is similar in appearance. A 
floppy with a vital customer record on it 
may look identical to one that contains 
nothing but a few outdated ASCII files. 

So several companies are offering col- 
or-coded disks and diskettes. It is an in- 
credibly simple idea, but as minor a thing 
as having classified material on bright red 
media can actually go far to reduce theft. 
Kao Corp., a Tokyo-based industrial com- 
bine whose U.S. division is located in 
Mountain View, Calif., is one company of- 
fering a line of such brightly colored disks 
and diskettes. 

PCs are also particularly dia- 
bolic in that they produce scads 
of printouts. Increasingly, the
easiest way to steal data is to vis-
it a trash can. Thus, a good docu-
ment shredder is becoming part
of the standard operating equip-
ment of any MIS shop.

Simple shredders slice paper
into long strips. For most opera- 
tions, that level of security is 
enough. But shredders can be 
overcome. A famous example of 
that fact is the takeover of the 
U.S. embassy in Iran in 1979. At that 
time, several classified documents were 
shredded before they fell into the hands of 
Iranian militants. The militants then pro-
ceeded to painstakingly paste the docu-
ments back together again.

Thus, MIS shops with sensitive docu- 
ments may wish to investigate machines 
that go even further to make information 
on paper unreadable. Some firms, such as 
Security Engineered Machinery, Inc. in 
Westboro, Mass., offer grinders that can 
turn documents into a fine, sand-like pow- 
der. — MICHAEL TUCKER 
PRODUCT CHECKLIST


Thumbscan, Inc. has an- 
nounced the Boot family of secu- 
rity access products for personal 
computers. 

PCboot and Lanboot re- 
strict access to individual PCs or 
local-area networks. Dealer- 
boot adds a timing capability 
that lets dealers enforce trial pe- 
riods for hardware and software. 

PCboot and Lanboot can pre- 
vent unauthorized users from 
initializing or booting the PC, 
from using software application 
programs, from accessing data, 
files and template programs and 
from gaining access to system 
resources such as disk drives, se- 
rial ports and modems, the ven- 
dor said. 

The products consist of the 
vendor’s Gordian Access Key 
device and a half-slot board. 
PCboot costs $179.95, Lanboot 
costs $379.95, and Dealerboot 
costs $225. Additional Gordian 
Access Keys cost $75 each. 

Thumbscan, Suite 800, Two
Mid-America Plaza, Oakbrook 
Terrace, Ill. 60181. 
Biometric devices are increas-
ingly finding use in personal 
computer-based applications. 
Identix, Inc. makes a line of 
fingerprint readers that are 
widely credited as ranking 
among the most accurate on the 
market. The smallest of Iden- 
tix’s systems is the IDX-10. It is 
not a new product, but what is 
new is its drastically reduced 
price of $5,000 (down from 
$7,500) and the machine the 
IDX-10 can now be fitted to 
guard — the IBM Personal Sys- 
tem/2. 


With the IDX-10, a PS/2 can 
be rendered inoperable until a 
would-be user properly identi- 
fies himself with a fingerprint 
reading. 

Identix, 2452 Watson Court, 
Palo Alto, Calif. 94303. 
Fischer International Sys-
tems Corp. is scheduled to un- 
veil an upgraded version of its 
Watchdog data security prod- 
uct for personal computers. 

Fischer claimed that Watch- 
dog Version 5 provides access 
control, multiple permission lev- 
els, automatic data encryption 
(using a proprietary encryption 
algorithm), an audit trail facility 
and a number of other main- 
frame-like security features to 
the IBM PC-DOS and Microsoft 
Corp. MS-DOS world. 

Watchdog is also one of the 
few PC security products to be 
placed on the U.S. Department 
of Defense’s National Computer 
Security Center’s official Evalu- 
ated Products List for Trusted 
Computer Systems. 

Watchdog Version 5 will cost 
$295. 

Fischer, 4073 Merchantile 
Ave., Naples, Fla. 33942. 
A “new” product that can never
seem to escape that introductory 
status is the smart card, a credit 
card-size device that contains a 
single microprocessor. 

Smart cards now have a U.S. 
champion in Micro Card Tech- 
nologies, Inc., which has intro- 
duced two even smarter smart 
cards: the MC89000, which 
has 64K bytes of erasable pro-
grammable read-only memory,
and the MC49000, which 
boasts 16K bytes of electrically 
erasable programmable read- 
only memory. 

A single MC49000 card is 
priced at $6.85, and the 
MC89000 costs $6.10. There 
reportedly are substantial dis-
counts for volume purchases.

Micro Card Technologies, 
14070 Proton Road, Dallas, 
Texas 75244. 
Another type of smart card
can be had from Security Dy- 
namics, Inc. The firm markets 
Secur ID, a device that com- 
bines the features of a smart card 
with those of a personal access 
device. Each card contains a tiny 
processor that generates a pseu- 
do random number every few 
seconds. Meanwhile, a host com- 
puter runs a program that gener- 
ates the same number at the 
same moment. In other words, 
both the host system and user’s 
card are producing a new unpre- 
dictable number every minute, 
but it is the same unpredictable 
number for both of them. 

To gain access to the host, a 
user must type in the number 
shown on his card. If it doesn’t 
match the host’s number, he is 
denied access. This year, Securi- 
ty Dynamics has introduced a 
new version called the Bank- 
er’s Card, which increases se- 
curity further by displaying the 
personal identification number 
only when directed to do so and 
remaining blank when not in use. 

Prices vary according to the 
installation. 

Security Dynamics, 2067 
Massachusetts Ave., Cam- 
bridge, Mass. 02140. 
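
The synchronized-number scheme described for Secur ID above, as an added example that is not from the article and is not Security Dynamics' algorithm, which the page does not describe. It uses the open HMAC-based time-step construction of RFC 6238 (TOTP) as a stand-in; the seed, the 60-second step, the six-digit length and the one-step drift window are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # assumption: the article says a new number "every minute"
DIGITS = 6          # assumption: length of the number shown on the card


def code_at(seed: bytes, unix_time: int,
            step: int = STEP_SECONDS, digits: int = DIGITS) -> str:
    """Number shown at unix_time by any party that holds the shared seed.

    Card and host never talk to each other: both derive the number from
    the same secret seed and the current time step (RFC 6238, HMAC-SHA1).
    """
    counter = unix_time // step
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class HostVerifier:
    """Host side: compares the typed number with its own computation."""

    def __init__(self, seeds: dict, drift_steps: int = 1):
        self.seeds = seeds                # user -> shared seed (kept secret)
        self.drift_steps = drift_steps    # tolerated card/host clock skew
        self.last_counter = {}            # user -> last accepted time step

    def verify(self, user: str, typed: str, now: int) -> bool:
        seed = self.seeds.get(user)
        if seed is None or not (typed.isascii() and typed.isdigit()):
            return False
        current = now // STEP_SECONDS
        for counter in range(current - self.drift_steps,
                             current + self.drift_steps + 1):
            # A number is good for one login only: anything at or before
            # the last accepted step is treated as a replay.
            if counter <= self.last_counter.get(user, -1):
                continue
            expected = code_at(seed, counter * STEP_SECONDS)
            if hmac.compare_digest(expected, typed):   # constant-time compare
                self.last_counter[user] = counter
                return True
        return False


if __name__ == "__main__":
    # Constructed sample data, not from the article.
    seed = b"constructed-demo-seed"
    host = HostVerifier({"operator1": seed})
    now = 1_000_000_020
    shown_on_card = code_at(seed, now)
    print("card shows:", shown_on_card)
    print("first login:", host.verify("operator1", shown_on_card, now))
    print("replayed number:", host.verify("operator1", shown_on_card, now + 5))
```

The drift window and the replay check are the two host-side decisions the article's description leaves open: the first absorbs a card clock that runs slightly off, the second keeps an overheard number from being reused within the same step.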
Blue Beat


Continued from page 35 


in good company. In that era, the key de- 
cisions in IBM were made by the IBM Pol- 
icy Committee, which included John Opel, 
Paul Rizzo (now retired), Akers and 
Krowe. Note that IBM is being run by the 
same men who were in large measure re- 
sponsible for the firm’s earlier failures. 

The major change has been in reducing 
the role of IBM’s Corporate Management 
Board, which used to be the main vehicle 
for operational decision making. More 
day-to-day authority has now gone to the 
new business units: Enterprise Systems 
(370 products), Application Business Sys- 
tems (System/36 and 38), Communica- 
tion Systems (telecommunications), Per- 
sonal Systems (workstations and 
terminals, including the Personal Sys- 
tem/2) and Technology Products (compo- 
nents and packaging). This setup is inter- 
esting. IBM has gone back to something 
very much like its 1970s contention man- 
agement structure, with Enterprise Sys- 
tems in the old Data Processing Division 
role and Application Business Systems in 
the old General Systems Division role. If 
anything, the potential for contention is 
even greater. 

Personal Systems will now be in the 
field with high-end PS/2s that encroach 
on the mid-range bracket. Personal Sys- 
tems is headed by George Conrades, who 
is an IBM heavyweight likely to fight for 
his product lines. Meanwhile, Communi- 
cations Systems will be fielding its own 
distinct product lines. Adding to the cen- 
trifugal tendency here is that key product 
marketing responsibilities are moving out 
of the U.S. Marketing and Services Group 
into the product business units, which 
means that sales and marketing strate- 
gies are increasingly going to be set to 
meet business unit profit-and-loss objec- 
tives rather than broader IBM plans. 


An unenviable job

The remedy for this potential contingent 
is supposedly Terry Lautenbach and IBM 
United States. Formerly vice-president of 
the Information Systems and Communi- 
cations Group, Lautenbach has a new job 
as general manager of IBM United States, 
a move that has inevitably given rise to 
speculation that he has acquired a major 
power role. Forget that. Most IBM staff 
members don’t see him in line for the 
Akers succession. Lautenbach may move 
up a notch into one of the second-level 
corporate posts, but he won’t make it all 
the way. And he has the unenviable job of 
trying to coordinate a product line whose 
components are managed by profit-and- 
loss units headed by IBM management 
heavyweights with continued direct ac- 
cess to the top. 

Picture, if you will, one of the closed- 
door planning meetings. Conrades or Carl
Conti of IBM Enterprise Systems wants 
to introduce a new product. He has to 
have the product to meet this year’s sales 
objectives. Hundreds of millions of dollars 
ride on the deal. “No,” Lautenbach cries.
“Absolutely not! It’s not Systems Appli-
cation Architecture compatible!” There
are no prizes for guessing the outcome. 

Also, looking at the IBM management 
appointments in the reorganization, it is 
clear that we are dealing with a somewhat 
less than radical revolution. All of them 
are ex-mainframers, all of them are for- 
mer marketing men and all of them have 
continued their rise in the corporate hier-
archy quite routinely. During the last five 
years, IBM has gone from boom to bust, 
has, by its own admission, made serious 
mistakes and has lost the confidence of 
whole chunks of its customer base. Some 
older executives have been retired, but 
the core of IBM management has not 
changed, the outlook has not changed and 
the thinking patterns have not changed. 

If anything, IBM is growing more con- 
servative. The reorganization takes us 
back to the 1970s, even to the 1960s. 
The 370 is king again. Out in the field, the 
focus is on salesmanship and hand-hold- 
ing. Bundling is coming back. IBM is even 
reverting to its practice of hardball com- 
petitive marketing and products an- 


nounced with unreal availability dates to 
forestall customer commitments to com- 
petitors. These tactics have not been 
seen since Frank Norris, then chairman of 
Control Data Corp., arm-twisted the fed- 
eral government into bringing an anti- 
trust suit against IBM in 1968. 

The most disturbing aspect of this situ-
ation is that IBM seems to have run out of
ideas. It still refuses, in any real sense, to 
acknowledge problems with its products 
and does not seem to realize that it is no 
longer dealing with the docile, big-iron- 
oriented MIS community of the 1960s 
and early 1970s. It seems that IBM has, 
perhaps irrevocably, lost the capacity to 
generate change within its own ranks, and 
the prospects for any kind of real external 


pressure for change look remote. 

Could IBM customers generate that 
pressure? After all, IBM says it is listening 
to its users. But then again, did customers 
have anything to do with the latest shake- 
up? Did MIS officers take Akers aside and 
say, “Hey, John, what about reintroduc- 
ing contention management? You know, 
so that we can have the 370 guys and the 
System/36 and 38 guys doing their own 
thing. I’m getting real tired of this coordi- 
nated product line business.” Of course, 
they didn’t. But then, the Year of the Cus- 
tomer was last year. 


Jeffery is managing director of the International 
Technology Group, a management consulting and 
market research firm in Los Altos, Calif. 




COMPUTERWORLD 


APRIL 6, 1988 





April 10-16 


Local-Area and PC Networks. Dallas, 
April 11-12 — Contact: Business Com- 
munications Review, 950 York Road, 
Hinsdale, Ill. 60521. 


Private Networks: Tariffs and De- 
sign Techniques. Washington, D.C., 
April 11-12 — Contact: Conference Reg- 
istrar, Telecom Publishing Group, P.O. 
Box 1455, Alexandria, Va. 22313. 
Networks: A Detailed Examination
of Digital Equipment Corp.’s Prod- 
ucts. Andover, Mass., April 11-13 — 
Contact: Information Engineering Insti- 
tute, Suite 207, 5119-A Leesburg Pike, 
Falls Church, Va. 22041. 


Supporting End-User Strategies: 
The Convergence of OA and the PC. 
San Francisco, April 11-13 — Contact:
Technology Transfer Institute, 741 
Tenth St., Santa Monica, Calif. 90402. 


Atre Forum on Relational Data 
Base & CASE. Washington, D.C., April
11-13 — Contact: Nancy Carafa, Atre In-
ternational Consultants, Inc., P.O. Box
727, 16 Elm Place, Rye, N.Y. 10580.


The Association for Information and 
Image Management-1988 AIIM 
Show. Chicago, April 11-14 — Contact: 
James Breuer, AIIM, Suite 1100, 1100 
Wayne Ave., Silver Spring, Md. 20910. 


Local Communications Systems. 
Dallas, April 13-15 — Contact: Systems 
Technology Forum, Suite 150, 10201 
Lee Highway, Fairfax, Va. 22030. 


Application Prototyping: Imple- 
menting the New Systems Develop- 
ment Technology. Palo Alto, Calif., 
April 14-15 — Contact: Digital Consult-
ing, Inc., 6 Windsor St., Andover, Mass. 
01810. 


April 17-23 


Introduction to ISDN. Chicago, April 
18-19 — Contact: Business Communica- 
tions Review, 950 York Road, Hinsdale, 
Ill. 60521. 


Building Operational Expert Sys- 
tems. Los Angeles, April 18-20 — Con- 
tact: Technology Transfer Institute, 741 
Tenth St., Santa Monica, Calif. 90402. 


The National DB2 Tools Sympo- 
sium. New York, April 18-20 — Con- 
tact: Digital Consulting, Inc., 6 Windsor 
St., Andover, Mass. 01810. Also being 
held June 13-15 in Los Angeles. 


CEPS/Spring Corporate Electronic 
Publishing Systems. Chicago, April 
18-21 — Contact: Cahners Exposition 
Group, P.O. Box 3833, 999 Summer St., 
Stamford, Conn. 06905. 


What’s New in the Management of 
Telecommunications. Wellesley, 
Mass., April 19 — Contact: Jerry Kanter, 
Center for Information Management 
Studies, Babson College, Wellesley, 
Mass. 02157. 


The 1988 Records Management 
Southern Conference: Basic to Ad- 
vanced Technologies. Columbia, S.C., 
April 20-21 — Contact: Connie Owens, 
Standard Federal, 1339 Main St., Colum- 
bia, S.C. 29201. 


April 24-30 


Telemanagement Software: How To 
Plan and Select. New York, April 25- 
26 — Contact: Business Communications 
Review, 950 York Road, Hinsdale, Ill. 
60521. 


Speech Tech ’88. New York, April 26-
28 — Contact: Stan Goldstein, Media
Dimensions, 42 East 23rd St., New York,
N.Y. 10010.


FOCIS ’88: The Federation of Con- 
ferences on Information Systems. 
Washington, D.C., April 26-28 — Con- 
tact: FOCIS ’88 Registration, P.O. Box N, 
Wayland, Mass. 01778. 


NSA backs tool 


Continued from page 35 





plaintext message, using a specified vari- 
able, to produce ciphertext data. At the 
receiving end, the ciphertext data is de- 
crypted to produce the original plaintext 
data. 

According to Richard H. Robinson, di- 
rector of Secure Communications Pro- 
grams for Harris, the target market appli- 
cations for Cypher I will be commercial, 
satellite, mainframe communications, 
banking, brokerage and regular business 
transactions. 

The HS3447 Cypher I is priced at $80 
each in 1,000-unit quantities. According 
to the vendor, production units are available
now. — STAN KOLODZIEJ

Circle Reader Service Number 111 
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SECURITY 


Safety, in numbers 
U.S. figures show disaster can be costly 


[Chart: number of occurrences (in thousands)]


* Power surges are the most common cause of loss. Many may not be reported because power surges 
are not covered under ordinary insurance. 


INFORMATION PROVIDED BY A 1986 LOSS STUDY BY SAFEWARE, THE INSURANCE AGENCY, 
INC. OF 25,000 OF ITS INSURED MICRO SITES. THE U.S. FIGURES ABOVE ARE SAFEWARE’S 
PROJECTIONS MADE FROM THIS BASE. 


GRAPHIC BY BRUCE SANDERS 


OF INTEREST


“Our best clients are the ones that were
just ripped off.”
DONN PARKER 


COMPUTER SECURITY CONSULTANT 
SRI INTERNATIONAL 


See story page 13 


Next issue


As a top MIS communications concern, connectivity still reigns
supreme. May’s Computerworld Focus will examine a range
of networking issues from the rise of local-area networks
that operate within a limited area to multinational network
management and control. In addition, we’ll delve into the “hidden”
expense of maintaining a network for the long haul. Read about the latest
developments in the acceptance of the Open Systems Interconnect
protocol and what is delaying the government’s FTS 2000 telecom project.
Our Special Section reviews AT&T and IBM, the contenders now
waging a market battle for network dominance. To the victor go the spoils,
but what will this fracas mean for MIS? See these stories and more in
next month’s Focus.
In users we trust
Michael D. Millikin 
Users are dangerous. Not to mention
lazy, ignorant and sloppy. Ask any
MIS person concerned with data
security.

It was bad enough when terminals were the 
primary window into the information processing 
system. Even then, users tended to flout author- 
ity and precautions by taping passwords to their 
keyboards or desk drawers. But at least MIS had 
the data under lock and key. 

Now that’s all changed. With more than 20 
million personal computers humming away on 
desks, sensitive data is distribut- 
ed all over the place. From the 
perspective of security, it is as if 
a bank decided to guard its mon- 
ey by removing it from the vault 
and flinging it off a rooftop. 

Of the many aspects to PC 
data security, two stand out. 

First, there is the well-known 
antipathy of users to any procedure resembling 
routine backup (until they lose data, that is). 

As long as it is only the user’s resume that van- 
ishes into electron heaven, most in MIS could 
care less. But increasingly, there is sensitive cor- 
porate data resident on the disk. Then that ascen- 
sion becomes a BIG problem. 

A second aspect is the removable nature of PC
data storage. Piracy is a snap when all you have to 
do is copy a file to a floppy. In some cases, thieves 
have even snatched entire hard disk drives. 

A partial solution to the first problem is slowly 
evolving with the incorporation of PCs into local- 
area networks. A server restores data —
especially sensitive data — to a central location.

Even better from an MIS point of view are the 
evolving configurations offering centralized soft- 
ware distribution as well as data storage. Backup 
and security recede as headaches in such a situa- 
tion. For example, Digital Equipment’s Network 
Applications Services strategy (embracing Mi- 
crosoft MS-DOS, the Apple Computer Macintosh 
operating system, IBM OS/2 and DEC Ultrix) will 
offer users the workstation or terminal window of 
their choice, within limits, and provide MIS with 
centralized control. This is a win-win situation. 

But such architectures don’t solve the prob- 
lem of removable storage. Solutions to this re- 
main a hardware issue. One approach is to make 
removing the hard file extremely easy so that us- 
ers can lock it away in a safe at night. IBM recent- 
ly sanctioned this approach with a new external 
removable hard disk. 

Another approach is the use of diskless net- 
work stations. These are a compromise between 
the world of intelligent workstations and termi- 
nals. The trade-off is in user convenience. 

Currently, MIS must recognize that it has to 
rely upon those dangerous, lazy, ignorant and 
sloppy users for broad-based security. The key is 
the education of users in security issues — what 
to do and how to do it. Memos won’t hack it. Us- 
ers must buy into the concept if there is to be a 
chance of success. 


Millikin is vice-president and senior analyst with Patricia 
Seybold’s Office Computing Group in Boston. 
Business Software
That Reflects the Way You Work


Your day is spent juggling one thing after another. Writing reports...updating budgets...a call
to review the new financials...scheduling meetings...a memo to the field...creating a business
presentation...checking your customer list and much more. If you’re juggling, why is your
standalone software handling only one task at a time?


Uniplex puts the key business tools at your fingertips in a comprehensive business software system. 


Integrated...business functions including word proc- 
essing, spreadsheet, database management, electronic 
mail, personal desk accessories and an advanced 
graphics system in one easy-to-use software system 
with a single set of commands. 


Flexible...with the option to customize screens and 
menus, tailoring them for the organization, a depart- 
mental group or an individual. 


Multi-User...environments like Unix, Xenix and
Ultrix are where Uniplex Business Software runs with an
efficient networking capability.

Portable...Uniplex Business Software runs on more 
than sixty different hardware systems — mainframe, 
mini and micro. 


Proven...In successful government, military, business 
and education installations worldwide. 


Finally, business software that truly reflects the way you work. 
Contact your dealer or call (800) 356-8063 


UNIPLEX BUSINESS SOFTWARE

Dallas, Texas 75231
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Benson Telecommunications 


SCREEN DISPLAY 


Whenever two or more people get 
together to examine computer data/ 
graphics, a real-time, large screen 
projection system is an invaluable tool. 
Electrohome pioneered the concept of 
computer projection and, today, offers the 
most complete line of advanced systems. In 
the forefront are the new ECP® GRAPHICS
single lens and ECP 3000 three lens systems.


Both feature an advanced microprocessor 
that simplifies operation, and widens the 
capabilities gap between Electrohome and 
other projection systems. 


Computer Intelligence 
makes the difference 


This powerful microprocessor directs 
and monitors the main functions of 
the projection systems. Infrared 
remote control, help menus, fre- 
quency auto lock, diagnostics, 
digital convergence and memory 

are the prime benefits. “Plug-in
module architecture” allows for the
use of a variety of optional modules,
extending functionality and hardware updating.


The ECP Graphics 


This new single lens system can project
images generated by high resolution
(1024 x 1280 pixels, non-interlaced) CAD/CAM
terminals, as well as video. Because it
automatically locks on scan rates from 15-80
KHz, it’s perfect for use with VCRs,
PCs, terminals or high res CAD/CAM
work stations. The ECP GRAPHICS is
extremely portable and has
VARI-FOCUS for screens 5’ to 14’
diagonal (front, rear or curved).


The ECP 3000 


This new 3-lens system offers a bright, crisp 
image for screen sizes from 5’ to 25’ diagonal
(front, rear or curved) and VARI-SCAN
from 15-50 KHz. Like the ECP GRAPHICS this 
unit has a multi-function infrared remote 
control that includes digital convergence 
and all projector functions. 


Large Screen Solutions 
for every application 

Sales and Service in 40 Countries World- 
wide. For more information on Electrohome 
color and monochrome projection systems, 
send your business card to 

Electrohome Limited, 

P.O. Box 628, Buffalo, NY 14225-0628. 


In the U.S.A. call 1-800-265-2171. 
In Canada call 1-519-744-7111. 


ECP® is a registered trademark of 
Electrohome Limited. 


Screen image courtesy of SAS Institute Inc. 


EYE-OPENING LARGE SCREEN PRESENTATIONS 


SEE US AT COMDEX BOOTH #2232 
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